Vulnerabilities > Microsoft > Office > Critical
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2007-05-08 | CVE-2007-0035 | Improper Input Validation vulnerability in Microsoft Office and Works Word (or Word Viewer) in Microsoft Office 2000 SP3, XP SP3, 2003 SP2, 2004 for Mac, and Works Suite 2004, 2005, and 2006 does not properly handle data in a certain array, which allows user-assisted remote attackers to execute arbitrary code, aka the "Word Array Overflow Vulnerability." | 9.3 |
2007-02-13 | CVE-2007-0208 | Improper Input Validation vulnerability in Microsoft products Microsoft Word in Office 2000 SP3, XP SP3, Office 2003 SP2, Works Suite 2004 to 2006, and Office 2004 for Mac does not correctly check the properties of certain documents and warn the user of macro content, which allows user-assisted remote attackers to execute arbitrary code. | 9.3 |
2007-02-13 | CVE-2007-0209 | Code Injection vulnerability in Microsoft Office and Works Microsoft Word in Office 2000 SP3, XP SP3, Office 2003 SP2, Works Suite 2004 to 2006, and Office 2004 for Mac allows user-assisted remote attackers to execute arbitrary code via a Word file with a malformed drawing object, which leads to memory corruption. | 9.3 |
2007-02-13 | CVE-2006-1311 | Remote Code Execution vulnerability in Microsoft Office And Microsoft Windows RichEdit Component The RichEdit component in Microsoft Windows 2000 SP4, XP SP2, and 2003 SP1; Office 2000 SP3, XP SP3, 2003 SP2, and Office 2004 for Mac; and Learning Essentials for Microsoft Office 1.0, 1.1, and 1.5 allows user-assisted remote attackers to execute arbitrary code via a malformed OLE object in an RTF file, which triggers memory corruption. | 9.3 |
2007-02-03 | CVE-2007-0671 | Remote Code Execution vulnerability in Microsoft Office Malformed String Unspecified vulnerability in Microsoft Excel 2000, XP, 2003, and 2004 for Mac, and possibly other Office products, allows remote user-assisted attackers to execute arbitrary code via unknown attack vectors, as demonstrated by Exploit-MSExcel.h in targeted zero-day attacks. | 9.3 |
2007-01-26 | CVE-2007-0515 | Unspecified vulnerability in Microsoft products Unspecified vulnerability in Microsoft Word allows user-assisted remote attackers to execute arbitrary code on Word 2000, and cause a denial of service on Word 2003, via unknown attack vectors that trigger memory corruption, as exploited by Trojan.Mdropper.W and later by Trojan.Mdropper.X, a different issue than CVE-2006-6456, CVE-2006-5994, and CVE-2006-6561. | 9.3 |
2007-01-09 | CVE-2007-0028 | Improper Input Validation vulnerability in Microsoft products Microsoft Excel 2000, 2002, 2003, Viewer 2003, Office 2004 for Mac, and Office v.X for Mac does not properly handle certain opcodes, which allows user-assisted remote attackers to execute arbitrary code via a crafted XLS file, which results in an "Improper Memory Access Vulnerability." NOTE: an early disclosure of this issue used CVE-2006-3432, but only CVE-2007-0028 should be used. | 9.3 |
2007-01-09 | CVE-2007-0029 | Remote Code Execution vulnerability in Microsoft Excel Malformed String Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, 2004 for Mac, and v.X for Mac allows user-assisted remote attackers to execute arbitrary code via a malformed string, aka "Excel Malformed String Vulnerability." | 9.3 |
2007-01-09 | CVE-2007-0030 | Remote Code Execution vulnerability in Microsoft Excel Malformed Column Record Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, 2004 for Mac, and v.X for Mac allows user-assisted remote attackers to execute arbitrary code via an Excel file with an out-of-range Column field in certain BIFF8 record types, which references arbitrary memory. | 9.3 |
2007-01-09 | CVE-2007-0031 | Remote Code Execution vulnerability in Microsoft Excel Malformed Palette Record Heap-based buffer overflow in Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, 2004 for Mac, and v.X for Mac allows user-assisted remote attackers to execute arbitrary code via a BIFF8 spreadsheet with a PALETTE record that contains a large number of entries. | 9.3 |