Vulnerabilities > Microsoft > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2008-07-08 | CVE-2008-0086 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Microsoft products Buffer overflow in the convert function in Microsoft SQL Server 2000 SP4, 2000 Desktop Engine (MSDE 2000) SP4, and 2000 Desktop Engine (WMSDE) allows remote authenticated users to execute arbitrary code via a crafted SQL expression. | 9.0 |
| 2008-07-07 | CVE-2008-2430 | Numeric Errors vulnerability in Videolan VLC Media Player 0.8.6H Integer overflow in the Open function in modules/demux/wav.c in VLC Media Player 0.8.6h on Windows allows remote attackers to execute arbitrary code via a large fmt chunk in a WAV file. | 9.3 |
| 2008-07-02 | CVE-2008-2959 | Buffer Errors vulnerability in Microsoft Visual Basic Enterprise Edition 6.0 Buffer overflow in a certain ActiveX control (vb6skit.dll) in Microsoft Visual Basic Enterprise Edition 6.0 SP6 might allow remote attackers to execute arbitrary code via a long lpstrLinkPath argument to the fCreateShellLink function. | 9.3 |
| 2008-06-24 | CVE-2008-2427 | Buffer Errors vulnerability in Pagesperso-Orange GFL Sdk, Nconvert and Xnview Stack-based buffer overflow in NConvert 4.92, GFL SDK 2.82, and XnView 1.93.6 on Windows and 1.70 on Linux and FreeBSD allows user-assisted remote attackers to execute arbitrary code via a crafted format keyword in a Sun TAAC file. | 9.3 |
| 2008-06-23 | CVE-2008-2307 | Resource Management Errors vulnerability in Apple Safari Unspecified vulnerability in WebKit in Apple Safari before 3.1.2, as distributed in Mac OS X before 10.5.4, and standalone for Windows and Mac OS X 10.4, allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via vectors involving JavaScript arrays that trigger memory corruption. | 9.3 |
| 2008-06-23 | CVE-2008-2306 | Permissions, Privileges, and Access Controls vulnerability in Apple Safari Apple Safari before 3.1.2 on Windows does not properly interpret the URLACTION_SHELL_EXECUTE_HIGHRISK Internet Explorer zone setting, which allows remote attackers to bypass intended access restrictions, and force a client system to download and execute arbitrary files. | 9.3 |
| 2008-06-23 | CVE-2008-2821 | Path Traversal vulnerability in Glub Secure FTP Directory traversal vulnerability in the FTP client in Glub Tech Secure FTP before 2.5.16 on Windows allows remote FTP servers to create or overwrite arbitrary files via a ..\ (dot dot backslash) in a response to a LIST command, a related issue to CVE-2002-1345. | 9.3 |
| 2008-06-12 | CVE-2008-1444 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Microsoft Directx Stack-based buffer overflow in Microsoft DirectX 7.0 and 8.1 on Windows 2000 SP4 allows remote attackers to execute arbitrary code via a Synchronized Accessible Media Interchange (SAMI) file with crafted parameters for a Class Name variable, aka the "SAMI Format Parsing Vulnerability." | 9.3 |
| 2008-06-12 | CVE-2008-1442 | Buffer Errors vulnerability in Microsoft Internet Explorer 6/7 Heap-based buffer overflow in the substringData method in Microsoft Internet Explorer 6 and 7 allows remote attackers to execute arbitrary code, related to an unspecified manipulation of a DOM object before a call to this method, aka the "HTML Objects Memory Corruption Vulnerability." | 9.3 |
| 2008-06-12 | CVE-2008-0011 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Microsoft Directx Microsoft DirectX 8.1 through 9.0c, and DirectX on Microsoft XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008, does not properly perform MJPEG error checking, which allows remote attackers to execute arbitrary code via a crafted MJPEG stream in a (1) AVI or (2) ASF file, aka the "MJPEG Decoder Vulnerability." | 9.3 |