Vulnerabilities > Microsoft > Office > Critical

DATE CVE VULNERABILITY TITLE RISK
2008-05-13 CVE-2008-1434 Resource Management Errors vulnerability in Microsoft products
Use-after-free vulnerability in Microsoft Word in Office 2000 and XP SP3, 2003 SP2 and SP3, and 2007 Office System SP1 and earlier allows remote attackers to execute arbitrary code via an HTML document with a large number of Cascading Style Sheets (CSS) selectors, related to a "memory handling error" that triggers memory corruption.
network
microsoft CWE-399
critical
 9.3
9.3
2008-04-21 CVE-2008-1898 Improper Input Validation vulnerability in Microsoft Office and Works
A certain ActiveX control in WkImgSrv.dll 7.03.0616.0, as distributed in Microsoft Works 7 and Microsoft Office 2003 and 2007, allows remote attackers to execute arbitrary code or cause a denial of service (browser crash) via an invalid WksPictureInterface property value, which triggers an improper function call.
network
microsoft CWE-20
critical
 9.3
9.3
2008-04-08 CVE-2008-1089 Code Injection vulnerability in Microsoft Office and Visio
Unspecified vulnerability in Microsoft Visio 2002 SP2, 2003 SP2 and SP3, and 2007 up to SP1 allows user-assisted remote attackers to execute arbitrary code via a Visio file containing crafted object header data, aka "Visio Object Header Vulnerability."
network
microsoft CWE-94
critical
 9.3
9.3
2008-04-08 CVE-2008-1090 Resource Management Errors vulnerability in Microsoft Office and Visio
Unspecified vulnerability in Microsoft Visio 2002 SP2, 2003 SP2 and SP3, and 2007 up to SP1 allows user-assisted remote attackers to execute arbitrary code via a crafted .DXF file, aka "Visio Memory Validation Vulnerability."
network
microsoft CWE-399
critical
 9.3
9.3
2008-03-11 CVE-2007-1201 Code Injection vulnerability in Microsoft products
Unspecified vulnerability in certain COM objects in Microsoft Office Web Components 2000 allows user-assisted remote attackers to execute arbitrary code via vectors related to DataSource that trigger memory corruption, aka "Office Web Components DataSource Vulnerability."
network
microsoft CWE-94
critical
 9.3
9.3
2008-03-11 CVE-2008-0110 Code Injection vulnerability in Microsoft Office
Unspecified vulnerability in Microsoft Outlook in Office 2000 SP3, XP SP3, 2003 SP2 and Sp3, and Office System allows user-assisted remote attackers to execute arbitrary code via a crafted mailto URI.
network
microsoft CWE-94
critical
 9.3
9.3
2008-03-11 CVE-2008-0111 Code Injection vulnerability in Microsoft products
Unspecified vulnerability in Microsoft Excel 2000 SP3 through 2007, Viewer 2003, Compatibility Pack, and Office 2004 for Mac allows user-assisted remote attackers to execute arbitrary code via crafted data validation records, aka "Excel Data Validation Record Vulnerability."
network
microsoft CWE-94
critical
 9.3
9.3
2008-03-11 CVE-2008-0112 Code Injection vulnerability in Microsoft Excel and Office
Unspecified vulnerability in Microsoft Excel 2000 SP3, and Office for Mac 2004 and 2008 allows user-assisted remote attackers to execute arbitrary code via a crafted .SLK file that is not properly handled when importing the file, aka "Excel File Import Vulnerability."
network
microsoft CWE-94
critical
 9.3
9.3
2008-03-11 CVE-2008-0114 Code Injection vulnerability in Microsoft Excel, Excel Viewer and Office
Unspecified vulnerability in Microsoft Excel 2000 SP3 through 2003 SP2, Viewer 2003, and Office for Mac 2004 allows user-assisted remote attackers to execute arbitrary code via crafted Style records that trigger memory corruption.
network
microsoft CWE-94
critical
 9.3
9.3
2008-03-11 CVE-2008-0115 Code Injection vulnerability in Microsoft products
Unspecified vulnerability in Microsoft Excel 2000 SP3 through 2007, Viewer 2003, Compatibility Pack, and Office for Mac 2004 allows user-assisted remote attackers to execute arbitrary code via malformed formulas, aka "Excel Formula Parsing Vulnerability."
network
microsoft CWE-94
critical
 9.3
9.3