Vulnerabilities > Microsoft > Critical
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2009-02-25 | CVE-2009-0238 | Code Injection vulnerability in Microsoft products Microsoft Office Excel 2000 SP3, 2002 SP3, 2003 SP3, and 2007 SP1; Excel Viewer 2003 Gold and SP3; Excel Viewer; Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1; and Excel in Microsoft Office 2004 and 2008 for Mac allow remote attackers to execute arbitrary code via a crafted Excel document that triggers an access attempt on an invalid object, as exploited in the wild in February 2009 by Trojan.Mdropper.AC. | 9.3 |
2009-02-13 | CVE-2009-0137 | Improper Input Validation vulnerability in Apple Safari Multiple unspecified vulnerabilities in Safari RSS in Apple Mac OS X 10.4.11 and 10.5.6, and Windows XP and Vista, allow remote attackers to execute arbitrary JavaScript in the local security zone via a crafted feed: URL, related to "input validation issues." | 10.0 |
2009-02-10 | CVE-2009-0305 | Buffer Errors vulnerability in Research in Motion Limited Blackberry Application web Loader 1.0 Multiple stack-based buffer overflows in the Research in Motion RIM AxLoader ActiveX control in AxLoader.ocx and AxLoader.dll in BlackBerry Application Web Loader 1.0 allow remote attackers to execute arbitrary code via unspecified use of the (1) load or (2) loadJad method. | 9.3 |
2009-02-10 | CVE-2009-0098 | Resource Management Errors vulnerability in Microsoft Exchange Server 2000/2003/2007 Microsoft Exchange 2000 Server SP3, Exchange Server 2003 SP2, and Exchange Server 2007 SP1 do not properly interpret Transport Neutral Encapsulation (TNEF) properties, which allows remote attackers to execute arbitrary code via a crafted TNEF message, aka "Memory Corruption Vulnerability." | 9.3 |
2009-02-10 | CVE-2009-0097 | Resource Management Errors vulnerability in Microsoft Visio 2002/2003/2007 Microsoft Office Visio 2002 SP2 and 2003 SP3 does not properly validate memory allocation for Visio files, which allows remote attackers to execute arbitrary code via a crafted file, aka "Memory Corruption Vulnerability." | 9.3 |
2009-02-10 | CVE-2009-0096 | Resource Management Errors vulnerability in Microsoft Visio 2002/2003/2007 Microsoft Office Visio 2002 SP2, 2003 SP3, and 2007 SP1 does not properly perform memory copy operations for object data, which allows remote attackers to execute arbitrary code via a crafted Visio document, aka "Memory Corruption Vulnerability." | 9.3 |
2009-02-10 | CVE-2009-0095 | Resource Management Errors vulnerability in Microsoft Visio 2002/2003/2007 Microsoft Office Visio 2002 SP2, 2003 SP3, and 2007 SP1 does not properly validate object data in Visio files, which allows remote attackers to execute arbitrary code via a crafted file, aka "Memory Validation Vulnerability." | 9.3 |
2009-02-10 | CVE-2009-0075 | Resource Management Errors vulnerability in Microsoft Internet Explorer 7 Microsoft Internet Explorer 7 does not properly handle errors during attempted access to deleted objects, which allows remote attackers to execute arbitrary code via a crafted HTML document, related to CFunctionPointer and the appending of document objects, aka "Uninitialized Memory Corruption Vulnerability." | 9.3 |
2009-01-29 | CVE-2009-0341 | Buffer Errors vulnerability in Microsoft Internet Explorer 7 The shell32 module in Microsoft Internet Explorer 7.0 on Windows XP SP3 might allow remote attackers to execute arbitrary code via a long VALUE attribute in an INPUT element, possibly related to a stack consumption vulnerability. | 9.3 |
2009-01-27 | CVE-2009-0282 | Numeric Errors vulnerability in Ralinktech Rt73 3.08 Integer overflow in Ralink Technology USB wireless adapter (RT73) 3.08 for Windows, and other wireless card drivers including rt2400, rt2500, rt2570, and rt61, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a Probe Request packet with a long SSID, possibly related to an integer signedness error. | 9.3 |