Vulnerabilities > Microsoft > Critical

DATE CVE VULNERABILITY TITLE RISK
2008-02-12 CVE-2008-0108 Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Microsoft Office and Works
Stack-based buffer overflow in wkcvqd01.dll in Microsoft Works 6 File Converter, as used in Office 2003 SP2 and SP3, Works 8.0, and Works Suite 2005, allows remote attackers to execute arbitrary code via a .wps file with crafted field lengths, aka "Microsoft Works File Converter Field Length Vulnerability."
network
microsoft CWE-119
critical
 9.3
9.3
2008-02-12 CVE-2008-0105 Improper Input Validation vulnerability in Microsoft Office and Works
Microsoft Works 6 File Converter, as used in Office 2003 SP2 and SP3, Works 8.0, and Works Suite 2005, allows remote attackers to execute arbitrary code via a .wps file with crafted section header index table information, aka "Microsoft Works File Converter Index Table Vulnerability."
network
microsoft CWE-20
critical
 9.3
9.3
2008-02-12 CVE-2008-0104 Code Injection vulnerability in Microsoft Office and Publisher
Unspecified vulnerability in Microsoft Office Publisher 2000, 2002, and 2003 SP2 allows remote attackers to execute arbitrary code via a crafted .pub file, aka "Publisher Memory Corruption Vulnerability."
network
microsoft CWE-94
critical
 9.3
9.3
2008-02-12 CVE-2008-0102 Resource Management Errors vulnerability in Microsoft Publisher 2000/2002/2003
Unspecified vulnerability in Microsoft Office Publisher 2000, 2002, and 2003 SP2 allows remote attackers to execute arbitrary code via a crafted .pub file, related to invalid "memory values," aka "Publisher Invalid Memory Reference Vulnerability."
network
low complexity
microsoft CWE-399
critical
 10.0
10
2008-02-12 CVE-2008-0080 Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Microsoft Webdav Mini-Redirector
Heap-based buffer overflow in the WebDAV Mini-Redirector in Microsoft Windows XP SP2, Server 2003 SP1 and SP2, and Vista allows remote attackers to execute arbitrary code via a crafted WebDAV response.
network
low complexity
microsoft CWE-119
critical
 10.0
10
2008-02-12 CVE-2008-0078 Code Injection vulnerability in Microsoft Activex, IE and Internet Explorer
Unspecified vulnerability in an ActiveX control (dxtmsft.dll) in Microsoft Internet Explorer 5.01, 6 SP1 and SP2, and 7 allows remote attackers to execute arbitrary code via a crafted image, aka "Argument Handling Memory Corruption Vulnerability."
network
microsoft CWE-94
critical
 9.3
9.3
2008-02-12 CVE-2008-0076 Code Injection vulnerability in Microsoft IE and Internet Explorer
Unspecified vulnerability in Microsoft Internet Explorer 5.01, 6 SP1 and SP2, and 7 allows remote attackers to execute arbitrary code via crafted HTML layout combinations, aka "HTML Rendering Memory Corruption Vulnerability."
network
microsoft CWE-94
critical
 9.3
9.3
2008-02-12 CVE-2007-0216 Improper Input Validation vulnerability in Microsoft Office and Works
wkcvqd01.dll in Microsoft Works 6 File Converter, as used in Office 2003 SP2, Works 8.0, and Works Suite 2005, allows remote attackers to execute arbitrary code via a .wps file with crafted section length headers, aka "Microsoft Works File Converter Input Validation Vulnerability."
network
microsoft CWE-20
critical
 9.3
9.3
2008-02-12 CVE-2007-0065 Code Injection vulnerability in Microsoft Office and Visual Basic
Heap-based buffer overflow in Object Linking and Embedding (OLE) Automation in Microsoft Windows 2000 SP4, XP SP2, Server 2003 SP1 and SP2, Vista, Office 2004 for Mac, and Visual basic 6.0 SP6 allows remote attackers to execute arbitrary code via a crafted script request.
network
low complexity
microsoft CWE-94
critical
 10.0
10
2008-02-12 CVE-2008-0075 Code Injection vulnerability in Microsoft Internet Information Server 6.0
Unspecified vulnerability in Microsoft Internet Information Services (IIS) 5.1 through 6.0 allows remote attackers to execute arbitrary code via crafted inputs to ASP pages.
network
low complexity
microsoft CWE-94
critical
 10.0
10