Vulnerabilities > Microsoft > Office > 2000

DATE CVE VULNERABILITY TITLE RISK
2008-08-12 CVE-2008-3005 Improper Input Validation vulnerability in Microsoft Office
Array index vulnerability in Microsoft Office Excel 2000 SP3 and 2002 SP3, and Office 2004 and 2008 for Mac allows remote attackers to execute arbitrary code via an Excel file with a crafted array index for a FORMAT record, aka the "Excel Index Array Vulnerability."
network
microsoft CWE-20
critical
 9.3
9.3
2008-08-12 CVE-2008-3004 Improper Input Validation vulnerability in Microsoft Office and Office Excel Viewer
Microsoft Office Excel 2000 SP3, 2002 SP3, and 2003 SP2 and SP3; Office Excel Viewer 2003; and Office 2004 and 2008 for Mac do not properly validate index values for AxesSet records when loading Excel files, which allows remote attackers to execute arbitrary code via a crafted Excel file, aka the "Excel Indexing Validation Vulnerability."
network
microsoft CWE-20
critical
 9.3
9.3
2008-05-13 CVE-2008-1434 Resource Management Errors vulnerability in Microsoft products
Use-after-free vulnerability in Microsoft Word in Office 2000 and XP SP3, 2003 SP2 and SP3, and 2007 Office System SP1 and earlier allows remote attackers to execute arbitrary code via an HTML document with a large number of Cascading Style Sheets (CSS) selectors, related to a "memory handling error" that triggers memory corruption.
network
microsoft CWE-399
critical
 9.3
9.3
2008-05-13 CVE-2008-1091 Code Injection vulnerability in Microsoft products
Unspecified vulnerability in Microsoft Word in Office 2000 and XP SP3, 2003 SP2 and SP3, and 2007 Office System SP1 and earlier allows remote attackers to execute arbitrary code via a Rich Text Format (.rtf) file with a malformed string that triggers a "memory calculation error" and a heap-based buffer overflow, aka "Object Parsing Vulnerability."
network
microsoft CWE-94
critical
 9.3
9.3
2008-05-13 CVE-2008-0119 Code Injection vulnerability in Microsoft Office
Unspecified vulnerability in Microsoft Publisher in Office 2000 and XP SP3, 2003 SP2 and SP3, and 2007 SP1 and earlier allows remote attackers to execute arbitrary code via a Publisher file with crafted object header data that triggers memory corruption, aka "Publisher Object Handler Validation Vulnerability."
network
microsoft CWE-94
critical
 9.3
9.3
2008-03-11 CVE-2008-0118 Code Injection vulnerability in Microsoft Office
Unspecified vulnerability in Microsoft Office 2000 SP3, XP SP3, 2003 SP2, Excel Viewer 2003 up to SP3, and Office 2004 for Mac allows user-assisted remote attackers to execute arbitrary code via a crafted Office document that triggers memory corruption from an "allocation error," aka "Microsoft Office Memory Corruption Vulnerability."
network
microsoft CWE-94
critical
 9.3
9.3
2008-03-11 CVE-2008-0117 Remote Code Execution vulnerability in Microsoft Excel Conditional Formatting Values
Unspecified vulnerability in Microsoft Excel 2000 SP3 and 2002 SP2, and Office 2004 and 2008 for Mac, allows user-assisted remote attackers to execute arbitrary code via crafted conditional formatting values, aka "Excel Conditional Formatting Vulnerability."
network
microsoft
critical
 9.3
9.3
2008-03-11 CVE-2008-0110 Code Injection vulnerability in Microsoft Office
Unspecified vulnerability in Microsoft Outlook in Office 2000 SP3, XP SP3, 2003 SP2 and Sp3, and Office System allows user-assisted remote attackers to execute arbitrary code via a crafted mailto URI.
network
microsoft CWE-94
critical
 9.3
9.3
2008-03-11 CVE-2007-1201 Code Injection vulnerability in Microsoft products
Unspecified vulnerability in certain COM objects in Microsoft Office Web Components 2000 allows user-assisted remote attackers to execute arbitrary code via vectors related to DataSource that trigger memory corruption, aka "Office Web Components DataSource Vulnerability."
network
microsoft CWE-94
critical
 9.3
9.3
2008-02-13 CVE-2008-0103 Resource Management Errors vulnerability in Microsoft Office
Unspecified vulnerability in Microsoft Office 2000 SP3, Office XP SP3, Office 2003 SP2, and Office 2004 for Mac allows remote attackers to execute arbitrary code via an Office document that contains a malformed object, related to a "memory handling error," aka "Microsoft Office Execution Jump Vulnerability."
network
microsoft CWE-399
critical
 9.3
9.3