Vulnerabilities > Microsoft > Critical
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2008-02-12 | CVE-2008-0108 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Microsoft Office and Works Stack-based buffer overflow in wkcvqd01.dll in Microsoft Works 6 File Converter, as used in Office 2003 SP2 and SP3, Works 8.0, and Works Suite 2005, allows remote attackers to execute arbitrary code via a .wps file with crafted field lengths, aka "Microsoft Works File Converter Field Length Vulnerability." | 9.3 |
2008-02-12 | CVE-2008-0105 | Improper Input Validation vulnerability in Microsoft Office and Works Microsoft Works 6 File Converter, as used in Office 2003 SP2 and SP3, Works 8.0, and Works Suite 2005, allows remote attackers to execute arbitrary code via a .wps file with crafted section header index table information, aka "Microsoft Works File Converter Index Table Vulnerability." | 9.3 |
2008-02-12 | CVE-2008-0104 | Code Injection vulnerability in Microsoft Office and Publisher Unspecified vulnerability in Microsoft Office Publisher 2000, 2002, and 2003 SP2 allows remote attackers to execute arbitrary code via a crafted .pub file, aka "Publisher Memory Corruption Vulnerability." | 9.3 |
2008-02-12 | CVE-2008-0102 | Resource Management Errors vulnerability in Microsoft Publisher 2000/2002/2003 Unspecified vulnerability in Microsoft Office Publisher 2000, 2002, and 2003 SP2 allows remote attackers to execute arbitrary code via a crafted .pub file, related to invalid "memory values," aka "Publisher Invalid Memory Reference Vulnerability." | 10.0 |
2008-02-12 | CVE-2008-0080 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Microsoft Webdav Mini-Redirector Heap-based buffer overflow in the WebDAV Mini-Redirector in Microsoft Windows XP SP2, Server 2003 SP1 and SP2, and Vista allows remote attackers to execute arbitrary code via a crafted WebDAV response. | 10.0 |
2008-02-12 | CVE-2008-0078 | Code Injection vulnerability in Microsoft Activex, IE and Internet Explorer Unspecified vulnerability in an ActiveX control (dxtmsft.dll) in Microsoft Internet Explorer 5.01, 6 SP1 and SP2, and 7 allows remote attackers to execute arbitrary code via a crafted image, aka "Argument Handling Memory Corruption Vulnerability." | 9.3 |
2008-02-12 | CVE-2008-0076 | Code Injection vulnerability in Microsoft IE and Internet Explorer Unspecified vulnerability in Microsoft Internet Explorer 5.01, 6 SP1 and SP2, and 7 allows remote attackers to execute arbitrary code via crafted HTML layout combinations, aka "HTML Rendering Memory Corruption Vulnerability." | 9.3 |
2008-02-12 | CVE-2007-0216 | Improper Input Validation vulnerability in Microsoft Office and Works wkcvqd01.dll in Microsoft Works 6 File Converter, as used in Office 2003 SP2, Works 8.0, and Works Suite 2005, allows remote attackers to execute arbitrary code via a .wps file with crafted section length headers, aka "Microsoft Works File Converter Input Validation Vulnerability." | 9.3 |
2008-02-12 | CVE-2007-0065 | Code Injection vulnerability in Microsoft Office and Visual Basic Heap-based buffer overflow in Object Linking and Embedding (OLE) Automation in Microsoft Windows 2000 SP4, XP SP2, Server 2003 SP1 and SP2, Vista, Office 2004 for Mac, and Visual basic 6.0 SP6 allows remote attackers to execute arbitrary code via a crafted script request. | 10.0 |
2008-02-12 | CVE-2008-0075 | Code Injection vulnerability in Microsoft Internet Information Server 6.0 Unspecified vulnerability in Microsoft Internet Information Services (IIS) 5.1 through 6.0 allows remote attackers to execute arbitrary code via crafted inputs to ASP pages. | 10.0 |