Microsoft Publisher MS07-037 exploit

PUBCONV.DLL in Microsoft Office Publisher 2007 does not properly clear memory when transferring data from disk to memory, which allows user-assisted remote attackers to execute arbitrary code via a malformed .pub page via a certain negative value, which bypasses a sanitization procedure that initializes critical pointers to NULL, aka the "Publisher Invalid Memory Reference Vulnerability".
Exploit type: 
Platform: 
Vulnerabilty ID: 
CVE-2007-1754
Product Version: 
6.2
Released Date: 
Thursday, July 26, 2007 - 00:00