Vulnerabilities > Microsoft > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2010-08-25 | CVE-2010-2935 | Numeric Errors vulnerability in Openoffice Openoffice.Org 3.2.1 simpress.bin in the Impress module in OpenOffice.org (OOo) 2.x and 3.x before 3.3 does not properly handle integer values associated with dictionary property items, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PowerPoint document that triggers a heap-based buffer overflow, related to an "integer truncation error." | 9.3 |
| 2010-08-17 | CVE-2009-3737 | Code Injection vulnerability in Oracle Siebel Option Pack IE Activex Control The Oracle Siebel Option Pack for IE ActiveX control does not properly initialize memory that is used by the NewBusObj method, which allows remote attackers to execute arbitrary code via a crafted HTML document. | 9.3 |
| 2010-08-16 | CVE-2010-1799 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple Quicktime Stack-based buffer overflow in the error-logging functionality in Apple QuickTime before 7.6.7 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file. | 9.3 |
| 2010-08-11 | CVE-2010-2566 | Improper Input Validation vulnerability in Microsoft products The Secure Channel (aka SChannel) security package in Microsoft Windows XP SP2 and SP3, and Windows Server 2003 SP2, does not properly validate certificate request messages from TLS and SSL servers, which allows remote servers to execute arbitrary code via a crafted SSL response, aka "SChannel Malformed Certificate Request Remote Code Execution Vulnerability." | 9.3 |
| 2010-08-11 | CVE-2010-2564 | Code Injection vulnerability in Microsoft Windows Movie Maker 2.1/2.6/6.0 Buffer overflow in Microsoft Windows Movie Maker (WMM) 2.1, 2.6, and 6.0 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted project file, aka "Movie Maker Memory Corruption Vulnerability." | 9.3 |
| 2010-08-11 | CVE-2010-2562 | Code Injection vulnerability in Microsoft Excel, Office and Open XML File Format Converter Microsoft Office Excel 2002 SP3 and 2003 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac do not properly parse the Excel file format, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Excel file, aka "Excel Memory Corruption Vulnerability." | 9.3 |
| 2010-08-11 | CVE-2010-2561 | Code Injection vulnerability in Microsoft XML Core Services 3.0 Microsoft XML Core Services (aka MSXML) 3.0 does not properly handle HTTP responses, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted response, aka "Msxml2.XMLHTTP.3.0 Response Handling Memory Corruption Vulnerability." | 9.3 |
| 2010-08-11 | CVE-2010-2560 | Out-of-bounds Write vulnerability in Microsoft Internet Explorer 6/7/8 Microsoft Internet Explorer 6, 7, and 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "HTML Layout Memory Corruption Vulnerability." | 9.3 |
| 2010-08-11 | CVE-2010-2559 | Use of Uninitialized Resource vulnerability in Microsoft Internet Explorer 8 Microsoft Internet Explorer 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption Vulnerability," a different vulnerability than CVE-2009-3671, CVE-2009-3674, CVE-2010-0245, and CVE-2010-0246. | 9.3 |
| 2010-08-11 | CVE-2010-2558 | Race Condition vulnerability in Microsoft Internet Explorer 6/7/8 Race condition in Microsoft Internet Explorer 6, 7, and 8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via vectors related to an object in memory, aka "Race Condition Memory Corruption Vulnerability." | 9.3 |