Vulnerabilities > Microsoft > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2010-10-13 | CVE-2010-3218 | Code Injection vulnerability in Microsoft Word 2002 Heap-based buffer overflow in Microsoft Word 2002 SP3 allows remote attackers to execute arbitrary code via malformed records in a Word document, aka "Word Heap Overflow Vulnerability." | 9.3 |
| 2010-10-13 | CVE-2010-3217 | Resource Management Errors vulnerability in Microsoft Word 2002 Double free vulnerability in Microsoft Word 2002 SP3 allows remote attackers to execute arbitrary code via a Word document with crafted List Format Override (LFO) records, aka "Word Pointer Vulnerability." | 9.3 |
| 2010-10-13 | CVE-2010-3216 | Code Injection vulnerability in Microsoft Office and Word Microsoft Word 2002 SP3 and Office 2004 for Mac allow remote attackers to execute arbitrary code via a crafted Word document containing bookmarks that trigger use of an invalid pointer and memory corruption, aka "Word Bookmarks Vulnerability." | 9.3 |
| 2010-10-13 | CVE-2010-3215 | Code Injection vulnerability in Microsoft Office and Word Microsoft Word 2002 SP3 and Office 2004 for Mac do not properly handle unspecified return values during parsing of a Word document, which allows remote attackers to execute arbitrary code via a crafted document that triggers memory corruption, aka "Word Return Value Vulnerability." | 9.3 |
| 2010-10-13 | CVE-2010-3214 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Microsoft products Stack-based buffer overflow in Microsoft Word 2002 SP3, 2003 SP3, 2007 SP2, and 2010; Office 2004 and 2008 for Mac; Open XML File Format Converter for Mac; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2; Word Viewer; Office Web Apps; and Word Web App allows remote attackers to execute arbitrary code via a crafted Word document, aka "Word Stack Overflow Vulnerability." | 9.3 |
| 2010-10-13 | CVE-2010-2750 | Code Injection vulnerability in Microsoft Office and Word Array index error in Microsoft Word 2002 SP3 and Office 2004 for Mac allows remote attackers to execute arbitrary code via a crafted Word document that triggers memory corruption, aka "Word Index Vulnerability." | 9.3 |
| 2010-10-13 | CVE-2010-2748 | Code Injection vulnerability in Microsoft Office and Word Microsoft Word 2002 SP3 and Office 2004 for Mac do not properly check an unspecified boundary during parsing of a Word document, which allows remote attackers to execute arbitrary code via a crafted document that triggers memory corruption, aka "Word Boundary Check Vulnerability." | 9.3 |
| 2010-10-13 | CVE-2010-2747 | Code Injection vulnerability in Microsoft Office and Word Microsoft Word 2002 SP3 and Office 2004 for Mac do not properly handle an uninitialized pointer during parsing of a Word document, which allows remote attackers to execute arbitrary code via a crafted document that triggers memory corruption, aka "Word Uninitialized Pointer Vulnerability." | 9.3 |
| 2010-09-15 | CVE-2010-2730 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Microsoft Internet Information Services 7.5 Buffer overflow in Microsoft Internet Information Services (IIS) 7.5, when FastCGI is enabled, allows remote attackers to execute arbitrary code via crafted headers in a request, aka "Request Header Buffer Overflow Vulnerability." Per: http://www.microsoft.com/technet/security/Bulletin/MS10-065.mspx 'FastCGI is not enabled by default in IIS.' | 9.3 |
| 2010-09-15 | CVE-2010-2728 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Microsoft Outlook 2002/2003/2007 Heap-based buffer overflow in Microsoft Outlook 2002 SP3, 2003 SP3, and 2007 SP2, when Online Mode for an Exchange Server is enabled, allows remote attackers to execute arbitrary code via a crafted e-mail message, aka "Heap Based Buffer Overflow in Outlook Vulnerability." | 9.3 |