Vulnerabilities > Microsoft > Critical

DATE CVE VULNERABILITY TITLE RISK
2011-12-14 CVE-2011-3403 Code Injection vulnerability in Microsoft Excel and Office
Microsoft Excel 2003 SP3 and Office 2004 for Mac do not properly handle objects in memory, which allows remote attackers to execute arbitrary code via a crafted Excel spreadsheet, aka "Record Memory Corruption Vulnerability."
network
microsoft CWE-94
critical
9.3
2011-12-14 CVE-2011-3400 Code Injection vulnerability in Microsoft Windows Server 2003 and Windows XP
Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 do not properly handle OLE objects in memory, which allows remote attackers to execute arbitrary code via a crafted object in a file, aka "OLE Property Vulnerability."
network
microsoft CWE-94
critical
9.3
2011-12-14 CVE-2011-3397 Code Injection vulnerability in Microsoft Windows Server 2003 and Windows XP
The Microsoft Time component in DATIME.DLL in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 allows remote attackers to execute arbitrary code via a crafted web site that leverages an unspecified "binary behavior" in Internet Explorer, aka "Microsoft Time Remote Code Execution Vulnerability."
network
microsoft CWE-94
critical
9.3
2011-12-14 CVE-2011-3396 DLL Loading Arbitrary Code Execution vulnerability in Microsoft PowerPoint 2007/2010
Untrusted search path vulnerability in Microsoft PowerPoint 2007 SP2 and 2010 allows local users to gain privileges via a Trojan horse DLL in the current working directory, aka "PowerPoint Insecure Library Loading Vulnerability." Per: http://technet.microsoft.com/en-us/security/bulletin/ms11-094 'PowerPoint Insecure Library Loading Vulnerability - CVE-2011-3396 A remote code execution vulnerability exists in the way that Microsoft PowerPoint handles the loading of DLL files.' Per: http://cwe.mitre.org/data/definitions/426.html 'CWE-426: Untrusted Search Path'
network
microsoft
critical
9.3
2011-12-14 CVE-2011-2019 Untrusted Search Path vulnerability in Microsoft Internet Explorer 9
Untrusted search path vulnerability in Microsoft Internet Explorer 9 on Windows Server 2008 R2 and R2 SP1 and Windows 7 Gold and SP1 allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains an HTML file, aka "Internet Explorer Insecure Library Loading Vulnerability."
network
microsoft CWE-426
critical
9.3
2011-12-14 CVE-2011-1983 Resource Management Errors vulnerability in Microsoft Office 2007/2010/2011
Use-after-free vulnerability in Microsoft Office 2007 SP2 and SP3, Office 2010 Gold and SP1, and Office for Mac 2011 allows remote attackers to execute arbitrary code via a crafted Word document, aka "Word Use After Free Vulnerability."
network
microsoft CWE-399
critical
9.3
2011-12-14 CVE-2011-1508 Code Injection vulnerability in Microsoft Publisher 2003/2007
Microsoft Publisher 2003 SP3, and 2007 SP2 and SP3, does not properly manage memory allocations for function pointers, which allows user-assisted remote attackers to execute arbitrary code via a crafted Publisher file, aka "Publisher Function Pointer Overwrite Vulnerability."
network
microsoft CWE-94
critical
9.3
2011-12-07 CVE-2011-4694 Remote Security vulnerability in Adobe Flash Player 11.1.102.55
Unspecified vulnerability in Adobe Flash Player 11.1.102.55 on Windows and Mac OS X allows remote attackers to execute arbitrary code via a crafted SWF file, as demonstrated by the second of two vulnerabilities exploited by the Intevydis vd_adobe_fp module in VulnDisco Step Ahead (SA).
network
adobe apple microsoft
critical
9.3
2011-12-07 CVE-2011-4693 Remote Security vulnerability in Adobe Flash Player 11.1.102.55
Unspecified vulnerability in Adobe Flash Player 11.1.102.55 on Windows and Mac OS X allows remote attackers to execute arbitrary code via a crafted SWF file, as demonstrated by the first of two vulnerabilities exploited by the Intevydis vd_adobe_fp module in VulnDisco Step Ahead (SA).
network
adobe apple microsoft
critical
9.3
2011-11-11 CVE-2011-2460 Buffer Errors vulnerability in Adobe AIR and Flash Player
Adobe Flash Player before 10.3.183.11 and 11.x before 11.1.102.55 on Windows, Mac OS X, Linux, and Solaris and before 11.1.102.59 on Android, and Adobe AIR before 3.1.0.4880, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-2445, CVE-2011-2451, CVE-2011-2452, CVE-2011-2453, CVE-2011-2454, CVE-2011-2455, and CVE-2011-2459.
network
low complexity
adobe apple linux microsoft sun google CWE-119
critical
10.0