Vulnerabilities > Microsoft > Office > Critical

DATE CVE VULNERABILITY TITLE RISK
2008-03-11 CVE-2008-0116 Improper Input Validation vulnerability in Microsoft products
Microsoft Excel 2000 SP3 through 2003 SP2, Viewer 2003, Compatibility Pack, and Office 2004 and 2008 for Mac allows user-assisted remote attackers to execute arbitrary code via malformed tags in rich text, aka "Excel Rich Text Validation Vulnerability."
network
microsoft CWE-20
critical
 9.3
9.3
2008-03-11 CVE-2008-0117 Remote Code Execution vulnerability in Microsoft Excel Conditional Formatting Values
Unspecified vulnerability in Microsoft Excel 2000 SP3 and 2002 SP2, and Office 2004 and 2008 for Mac, allows user-assisted remote attackers to execute arbitrary code via crafted conditional formatting values, aka "Excel Conditional Formatting Vulnerability."
network
microsoft
critical
 9.3
9.3
2008-03-11 CVE-2008-0118 Code Injection vulnerability in Microsoft Office
Unspecified vulnerability in Microsoft Office 2000 SP3, XP SP3, 2003 SP2, Excel Viewer 2003 up to SP3, and Office 2004 for Mac allows user-assisted remote attackers to execute arbitrary code via a crafted Office document that triggers memory corruption from an "allocation error," aka "Microsoft Office Memory Corruption Vulnerability."
network
microsoft CWE-94
critical
 9.3
9.3
2008-02-13 CVE-2008-0103 Resource Management Errors vulnerability in Microsoft Office
Unspecified vulnerability in Microsoft Office 2000 SP3, Office XP SP3, Office 2003 SP2, and Office 2004 for Mac allows remote attackers to execute arbitrary code via an Office document that contains a malformed object, related to a "memory handling error," aka "Microsoft Office Execution Jump Vulnerability."
network
microsoft CWE-399
critical
 9.3
9.3
2008-02-12 CVE-2007-0065 Code Injection vulnerability in Microsoft Office and Visual Basic
Heap-based buffer overflow in Object Linking and Embedding (OLE) Automation in Microsoft Windows 2000 SP4, XP SP2, Server 2003 SP1 and SP2, Vista, Office 2004 for Mac, and Visual basic 6.0 SP6 allows remote attackers to execute arbitrary code via a crafted script request.
network
low complexity
microsoft CWE-94
critical
 10.0
10
2008-02-12 CVE-2007-0216 Improper Input Validation vulnerability in Microsoft Office and Works
wkcvqd01.dll in Microsoft Works 6 File Converter, as used in Office 2003 SP2, Works 8.0, and Works Suite 2005, allows remote attackers to execute arbitrary code via a .wps file with crafted section length headers, aka "Microsoft Works File Converter Input Validation Vulnerability."
network
microsoft CWE-20
critical
 9.3
9.3
2008-02-12 CVE-2008-0104 Code Injection vulnerability in Microsoft Office and Publisher
Unspecified vulnerability in Microsoft Office Publisher 2000, 2002, and 2003 SP2 allows remote attackers to execute arbitrary code via a crafted .pub file, aka "Publisher Memory Corruption Vulnerability."
network
microsoft CWE-94
critical
 9.3
9.3
2008-02-12 CVE-2008-0105 Improper Input Validation vulnerability in Microsoft Office and Works
Microsoft Works 6 File Converter, as used in Office 2003 SP2 and SP3, Works 8.0, and Works Suite 2005, allows remote attackers to execute arbitrary code via a .wps file with crafted section header index table information, aka "Microsoft Works File Converter Index Table Vulnerability."
network
microsoft CWE-20
critical
 9.3
9.3
2008-02-12 CVE-2008-0108 Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Microsoft Office and Works
Stack-based buffer overflow in wkcvqd01.dll in Microsoft Works 6 File Converter, as used in Office 2003 SP2 and SP3, Works 8.0, and Works Suite 2005, allows remote attackers to execute arbitrary code via a .wps file with crafted field lengths, aka "Microsoft Works File Converter Field Length Vulnerability."
network
microsoft CWE-119
critical
 9.3
9.3
2008-02-12 CVE-2008-0109 Resource Management Errors vulnerability in Microsoft Office and Word
Word in Microsoft Office 2000 SP3, XP SP3, Office 2003 SP2, and Office Word Viewer 2003 allows remote attackers to execute arbitrary code via crafted fields within the File Information Block (FIB) of a Word file, which triggers length calculation errors and memory corruption.
network
microsoft CWE-399
critical
 9.3
9.3