Vulnerabilities > Microsoft > Office > 2003
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2013-11-13 | CVE-2013-1325 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Microsoft Office 2003/2007 Heap-based buffer overflow in Microsoft Office 2003 SP3 and 2007 SP3 allows remote attackers to execute arbitrary code via a crafted WordPerfect document (.wpd) file, aka "Word Heap Overwrite Vulnerability." | 9.3 |
2013-11-13 | CVE-2013-1324 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Microsoft Office and Office 2013 RT Stack-based buffer overflow in Microsoft Office 2003 SP3, 2007 SP3, 2010 SP1 and SP2, 2013, and 2013 RT allows remote attackers to execute arbitrary code via a crafted WordPerfect document (.wpd) file, aka "Word Stack Buffer Overwrite Vulnerability." | 9.3 |
2013-11-13 | CVE-2013-0082 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Microsoft Office 2003/2007 Microsoft Office 2003 SP3 and 2007 SP3 allows remote attackers to execute arbitrary code via a crafted WordPerfect document (.wpd) file, aka "WPD File Format Memory Corruption Vulnerability." | 9.3 |
2013-09-11 | CVE-2013-3160 | Information Exposure vulnerability in Microsoft Office, Word and Word Viewer Microsoft Office 2003 SP3 and 2007 SP3, Word 2003 SP3 and 2007 SP3, and Word Viewer allow remote attackers to read arbitrary files via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, aka "XML External Entities Resolution Vulnerability." | 5.0 |
2013-06-12 | CVE-2013-1331 | Buffer Errors vulnerability in Microsoft Office 2003/2011 Buffer overflow in Microsoft Office 2003 SP3 and Office 2011 for Mac allows remote attackers to execute arbitrary code via crafted PNG data in an Office document, leading to improper memory allocation, aka "Office Buffer Overflow Vulnerability." | 9.3 |
2012-08-15 | CVE-2012-1856 | Code Injection vulnerability in Microsoft products The TabStrip ActiveX control in the Common Controls in MSCOMCTL.OCX in Microsoft Office 2003 SP3, Office 2003 Web Components SP3, Office 2007 SP2 and SP3, Office 2010 SP1, SQL Server 2000 SP4, SQL Server 2005 SP4, SQL Server 2008 SP2, SP3, R2, R2 SP1, and R2 SP2, Commerce Server 2002 SP4, Commerce Server 2007 SP2, Commerce Server 2009 Gold and R2, Host Integration Server 2004 SP1, Visual FoxPro 8.0 SP1, Visual FoxPro 9.0 SP2, and Visual Basic 6.0 Runtime allows remote attackers to execute arbitrary code via a crafted (1) document or (2) web page that triggers system-state corruption, aka "MSCOMCTL.OCX RCE Vulnerability." | 9.3 |
2012-07-10 | CVE-2012-1854 | Unspecified vulnerability in Microsoft products Untrusted search path vulnerability in VBE6.dll in Microsoft Office 2003 SP3, 2007 SP2 and SP3, and 2010 Gold and SP1; Microsoft Visual Basic for Applications (VBA); and Summit Microsoft Visual Basic for Applications SDK allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a .docx file, aka "Visual Basic for Applications Insecure Library Loading Vulnerability," as exploited in the wild in July 2012. local microsoft | 6.9 |
2012-05-09 | CVE-2012-0167 | Improper Input Validation vulnerability in Microsoft Office 2003/2007 Heap-based buffer overflow in the Office GDI+ library in Microsoft Office 2003 SP3 and 2007 SP2 and SP3 allows remote attackers to execute arbitrary code via a crafted EMF image in an Office document, aka "GDI+ Heap Overflow Vulnerability." | 9.3 |
2012-05-09 | CVE-2012-0165 | Improper Input Validation vulnerability in Microsoft Office, Windows Server 2008 and Windows Vista GDI+ in Microsoft Windows Vista SP2 and Server 2008 SP2 and Office 2003 SP3, 2007 SP2 and SP3, and 2010 Gold and SP1 does not properly validate record types in EMF images, which allows remote attackers to execute arbitrary code via a crafted image, aka "GDI+ Record Type Vulnerability." | 9.3 |
2012-05-09 | CVE-2012-0159 | Resource Management Errors vulnerability in Microsoft products Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, and Windows 8 Consumer Preview; Office 2003 SP3, 2007 SP2 and SP3, and 2010 Gold and SP1; Silverlight 4 before 4.1.10329; and Silverlight 5 before 5.1.10411 allow remote attackers to execute arbitrary code via a crafted TrueType font (TTF) file, aka "TrueType Font Parsing Vulnerability." | 9.3 |