2003

DATE	CVE	VULNERABILITY TITLE	RISK
2008-03-11	CVE-2008-0110	Code Injection vulnerability in Microsoft Office Unspecified vulnerability in Microsoft Outlook in Office 2000 SP3, XP SP3, 2003 SP2 and Sp3, and Office System allows user-assisted remote attackers to execute arbitrary code via a crafted mailto URI. network microsoft CWE-94 critical	9.3
2008-02-13	CVE-2008-0103	Resource Management Errors vulnerability in Microsoft Office Unspecified vulnerability in Microsoft Office 2000 SP3, Office XP SP3, Office 2003 SP2, and Office 2004 for Mac allows remote attackers to execute arbitrary code via an Office document that contains a malformed object, related to a "memory handling error," aka "Microsoft Office Execution Jump Vulnerability." network microsoft CWE-399 critical	9.3
2008-02-12	CVE-2008-0109	Resource Management Errors vulnerability in Microsoft Office and Word Word in Microsoft Office 2000 SP3, XP SP3, Office 2003 SP2, and Office Word Viewer 2003 allows remote attackers to execute arbitrary code via crafted fields within the File Information Block (FIB) of a Word file, which triggers length calculation errors and memory corruption. network microsoft CWE-399 critical	9.3
2008-02-12	CVE-2008-0108	Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Microsoft Office and Works Stack-based buffer overflow in wkcvqd01.dll in Microsoft Works 6 File Converter, as used in Office 2003 SP2 and SP3, Works 8.0, and Works Suite 2005, allows remote attackers to execute arbitrary code via a .wps file with crafted field lengths, aka "Microsoft Works File Converter Field Length Vulnerability." network microsoft CWE-119 critical	9.3
2008-02-12	CVE-2008-0105	Improper Input Validation vulnerability in Microsoft Office and Works Microsoft Works 6 File Converter, as used in Office 2003 SP2 and SP3, Works 8.0, and Works Suite 2005, allows remote attackers to execute arbitrary code via a .wps file with crafted section header index table information, aka "Microsoft Works File Converter Index Table Vulnerability." network microsoft CWE-20 critical	9.3
2008-02-12	CVE-2008-0104	Code Injection vulnerability in Microsoft Office and Publisher Unspecified vulnerability in Microsoft Office Publisher 2000, 2002, and 2003 SP2 allows remote attackers to execute arbitrary code via a crafted .pub file, aka "Publisher Memory Corruption Vulnerability." network microsoft CWE-94 critical	9.3
2008-02-12	CVE-2007-0216	Improper Input Validation vulnerability in Microsoft Office and Works wkcvqd01.dll in Microsoft Works 6 File Converter, as used in Office 2003 SP2, Works 8.0, and Works Suite 2005, allows remote attackers to execute arbitrary code via a .wps file with crafted section length headers, aka "Microsoft Works File Converter Input Validation Vulnerability." network microsoft CWE-20 critical	9.3
2007-11-20	CVE-2007-6026	Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Microsoft products Stack-based buffer overflow in Microsoft msjet40.dll 4.0.8618.0 (aka Microsoft Jet Engine), as used by Access 2003 in Microsoft Office 2003 SP3, allows user-assisted attackers to execute arbitrary code via a crafted MDB file database file containing a column structure with a modified column count. network microsoft CWE-119 critical	9.3
2007-08-14	CVE-2007-3890	Remote Code Execution vulnerability in Microsoft Excel and Office Microsoft Excel in Office 2000 SP3, Office XP SP3, Office 2003 SP2, and Office 2004 for Mac allows remote attackers to execute arbitrary code via a Workspace with a certain index value that triggers memory corruption. network microsoft critical	9.3
2007-08-14	CVE-2007-2223	Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Microsoft XML Core Services Microsoft XML Core Services (MSXML) 3.0 through 6.0 allows remote attackers to execute arbitrary code via the substringData method on a (1) TextNode or (2) XMLDOM object, which causes an integer overflow that leads to a buffer overflow. network microsoft CWE-119 critical	9.3