Vulnerabilities > Microsoft > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2008-08-13 | CVE-2008-1456 | Improper Input Validation vulnerability in Microsoft products Array index vulnerability in the Event System in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows remote authenticated users to execute arbitrary code via a crafted event subscription request that is used to access an array of function pointers. | 9.0 |
| 2008-08-13 | CVE-2008-2245 | Buffer Errors vulnerability in Microsoft Windows 2000, Windows 2003 Server and Windows XP Heap-based buffer overflow in the InternalOpenColorProfile function in mscms.dll in Microsoft Windows Image Color Management System (MSCMS) in the Image Color Management (ICM) component on Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP1 and SP2 allows remote attackers to execute arbitrary code via a crafted image file. | 9.3 |
| 2008-08-13 | CVE-2008-0121 | Resource Management Errors vulnerability in Microsoft Office Powerpoint Viewer 2003 A "memory calculation error" in Microsoft PowerPoint Viewer 2003 allows remote attackers to execute arbitrary code via a PowerPoint file with an invalid picture index that triggers memory corruption, aka "Memory Calculation Vulnerability." | 9.3 |
| 2008-08-13 | CVE-2008-0120 | Resource Management Errors vulnerability in Microsoft Office Powerpoint Viewer 2003 Integer overflow in Microsoft PowerPoint Viewer 2003 allows remote attackers to execute arbitrary code via a PowerPoint file with a malformed picture index that triggers memory corruption, related to handling of CString objects, aka "Memory Allocation Vulnerability." | 9.3 |
| 2008-08-13 | CVE-2008-0082 | Information Exposure vulnerability in Microsoft Windows Messenger 4.7/5.1 An ActiveX control (Messenger.UIAutomation.1) in Windows Messenger 4.7 and 5.1 is marked as safe-for-scripting, which allows remote attackers to control the Messenger application, and "change state," obtain contact information, and establish audio or video connections without notification via unknown vectors. | 10.0 |
| 2008-08-12 | CVE-2008-3648 | Code Injection vulnerability in Microsoft Windows XP nslookup.exe in Microsoft Windows XP SP2 allows user-assisted remote attackers to execute arbitrary code, as demonstrated by an attempted DNS zone transfer, and as exploited in the wild in August 2008. | 9.3 |
| 2008-08-12 | CVE-2008-3460 | Resource Management Errors vulnerability in Microsoft Office, Office Converter Pack and Works WPGIMP32.FLT in Microsoft Office 2000 SP3, XP SP3, and 2003 SP2; Office Converter Pack; and Works 8 does not properly parse the length of a WordPerfect Graphics (WPG) file, which allows remote attackers to execute arbitrary code via a crafted WPG file, aka the "WPG Image File Heap Corruption Vulnerability." | 9.3 |
| 2008-08-12 | CVE-2008-3021 | Resource Management Errors vulnerability in Microsoft Office, Office Converter Pack and Works Microsoft Office 2000 SP3, XP SP3, and 2003 SP2; Office Converter Pack; and Works 8 do not properly parse the length of a PICT file, which allows remote attackers to execute arbitrary code via a crafted PICT file with an invalid bits_per_pixel field, aka the "PICT Filter Parsing Vulnerability," a different vulnerability than CVE-2008-3018. | 9.3 |
| 2008-08-12 | CVE-2008-3020 | Resource Management Errors vulnerability in Microsoft Office, Office Converter Pack and Works Microsoft Office 2000 SP3 and XP SP3; Office Converter Pack; and Works 8 do not properly parse the length of a BMP file, which allows remote attackers to execute arbitrary code via a crafted BMP file, aka the "Malformed BMP Filter Vulnerability." | 9.3 |
| 2008-08-12 | CVE-2008-3019 | Resource Management Errors vulnerability in Microsoft Office, Office Converter Pack and Works Microsoft Office 2000 SP3, XP SP3, and 2003 SP2; Office Converter Pack; and Works 8 do not properly parse the length of an Encapsulated PostScript (EPS) file, which allows remote attackers to execute arbitrary code via a crafted EPS file, aka the "Malformed EPS Filter Vulnerability." | 9.3 |