Vulnerabilities > Microsoft > Critical
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2008-03-25 | CVE-2008-1092 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Microsoft Word Buffer overflow in msjet40.dll before 4.0.9505.0 in Microsoft Jet Database Engine allows remote attackers to execute arbitrary code via a crafted Word file, as exploited in the wild in March 2008. | 9.3 |
2008-03-24 | CVE-2008-0951 | Code Injection vulnerability in Microsoft Windows Vista Microsoft Windows Vista does not properly enforce the NoDriveTypeAutoRun registry value, which allows user-assisted remote attackers, and possibly physically proximate attackers, to execute arbitrary code by inserting a (1) CD-ROM device or (2) U3-enabled USB device containing a filesystem with an Autorun.inf file, and possibly other vectors related to (a) AutoRun and (b) AutoPlay actions. | 9.3 |
2008-03-20 | CVE-2008-1392 | Configuration vulnerability in VMWare Ace, Player and VMWare Workstation The default configuration of VMware Workstation 6.0.2, VMware Player 2.0.x before 2.0.3, and VMware ACE 2.0.x before 2.0.1 makes the console of the guest OS accessible through anonymous VIX API calls, which has unknown impact and attack vectors. | 10.0 |
2008-03-11 | CVE-2008-0118 | Code Injection vulnerability in Microsoft Office Unspecified vulnerability in Microsoft Office 2000 SP3, XP SP3, 2003 SP2, Excel Viewer 2003 up to SP3, and Office 2004 for Mac allows user-assisted remote attackers to execute arbitrary code via a crafted Office document that triggers memory corruption from an "allocation error," aka "Microsoft Office Memory Corruption Vulnerability." | 9.3 |
2008-03-11 | CVE-2008-0117 | Remote Code Execution vulnerability in Microsoft Excel Conditional Formatting Values Unspecified vulnerability in Microsoft Excel 2000 SP3 and 2002 SP2, and Office 2004 and 2008 for Mac, allows user-assisted remote attackers to execute arbitrary code via crafted conditional formatting values, aka "Excel Conditional Formatting Vulnerability." | 9.3 |
2008-03-11 | CVE-2008-0116 | Improper Input Validation vulnerability in Microsoft products Microsoft Excel 2000 SP3 through 2003 SP2, Viewer 2003, Compatibility Pack, and Office 2004 and 2008 for Mac allows user-assisted remote attackers to execute arbitrary code via malformed tags in rich text, aka "Excel Rich Text Validation Vulnerability." | 9.3 |
2008-03-11 | CVE-2008-0115 | Code Injection vulnerability in Microsoft products Unspecified vulnerability in Microsoft Excel 2000 SP3 through 2007, Viewer 2003, Compatibility Pack, and Office for Mac 2004 allows user-assisted remote attackers to execute arbitrary code via malformed formulas, aka "Excel Formula Parsing Vulnerability." | 9.3 |
2008-03-11 | CVE-2008-0114 | Code Injection vulnerability in Microsoft Excel, Excel Viewer and Office Unspecified vulnerability in Microsoft Excel 2000 SP3 through 2003 SP2, Viewer 2003, and Office for Mac 2004 allows user-assisted remote attackers to execute arbitrary code via crafted Style records that trigger memory corruption. | 9.3 |
2008-03-11 | CVE-2008-0113 | Code Injection vulnerability in Microsoft Excel Viewer 2003 Unspecified vulnerability in Microsoft Office Excel Viewer 2003 up to SP3 allows user-assisted remote attackers to execute arbitrary code via an Excel document with malformed cell comments that trigger memory corruption from an "allocation error," aka "Microsoft Office Cell Parsing Memory Corruption Vulnerability." | 9.3 |
2008-03-11 | CVE-2008-0112 | Code Injection vulnerability in Microsoft Excel and Office Unspecified vulnerability in Microsoft Excel 2000 SP3, and Office for Mac 2004 and 2008 allows user-assisted remote attackers to execute arbitrary code via a crafted .SLK file that is not properly handled when importing the file, aka "Excel File Import Vulnerability." | 9.3 |