Vulnerabilities > Microsoft > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2007-08-31 | CVE-2007-2931 | Improper Input Validation vulnerability in Microsoft MSN Messenger and Windows Live Messenger Heap-based buffer overflow in Microsoft MSN Messenger 6.2, 7.0, and 7.5, and Live Messenger 8.0 allows user-assisted remote attackers to execute arbitrary code via unspecified vectors involving video conversation handling in Web Cam and video chat sessions. | 9.3 |
| 2007-08-16 | CVE-2007-4372 | Remote Security vulnerability in Netwin Surgemail 38K Unspecified vulnerability in NetWin SurgeMail 38k on Windows Server 2003 has unknown impact and remote attack vectors. | 10.0 |
| 2007-08-15 | CVE-2007-4356 | Unspecified vulnerability in Microsoft Internet Explorer 6/7 Microsoft Internet Explorer 6 and 7 embeds FTP credentials in HTML files that are retrieved during an FTP session, which allows context-dependent attackers to obtain sensitive information by reading the HTML source, as demonstrated by a (1) .htm, (2) .html, or (3) .mht file. | 9.3 |
| 2007-08-14 | CVE-2007-1749 | Unspecified vulnerability in Microsoft Internet Explorer 5.01/6/7 Integer underflow in the CDownloadSink class code in the Vector Markup Language (VML) component (VGX.DLL), as used in Internet Explorer 5.01, 6, and 7 allows remote attackers to execute arbitrary code via compressed content with an invalid buffer size, which triggers a heap-based buffer overflow. | 9.3 |
| 2007-08-14 | CVE-2007-0948 | Heap Overflow vulnerability in Microsoft Virtual PC and Virtual Server Heap-based buffer overflow in Microsoft Virtual PC 2004 and PC for Mac 7.1 and 7, and Virtual Server 2005 and 2005 R2, allows local guest OS administrators to execute arbitrary code on the host OS via unspecified vectors related to "interaction and initialization of components." | 9.3 |
| 2007-08-14 | CVE-2007-3890 | Remote Code Execution vulnerability in Microsoft Excel and Office Microsoft Excel in Office 2000 SP3, Office XP SP3, Office 2003 SP2, and Office 2004 for Mac allows remote attackers to execute arbitrary code via a Workspace with a certain index value that triggers memory corruption. | 9.3 |
| 2007-08-14 | CVE-2007-3041 | Unspecified vulnerability in Microsoft Internet Explorer 5.01/6/7 Unspecified vulnerability in the pdwizard.ocx ActiveX object for Internet Explorer 5.01, 6 SP1, and 7 allows remote attackers to execute arbitrary code via unknown vectors related to Microsoft Visual Basic 6 objects and memory corruption, aka "ActiveX Object Memory Corruption Vulnerability." | 9.3 |
| 2007-08-14 | CVE-2007-3034 | Numeric Errors vulnerability in Microsoft products Integer overflow in the AttemptWrite function in Graphics Rendering Engine (GDI) on Microsoft Windows 2000 SP4, XP SP2, and Server 2003 SP1 allows remote attackers to execute arbitrary code via a crafted metafile (image) with a large record length value, which triggers a heap-based buffer overflow. | 9.3 |
| 2007-08-14 | CVE-2007-2224 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Microsoft Office and Visual Basic Object linking and embedding (OLE) Automation, as used in Microsoft Windows 2000 SP4, XP SP2, Server 2003 SP1 and SP2, Office 2004 for Mac, and Visual Basic 6.0 allows remote attackers to execute arbitrary code via the substringData method on a TextNode object, which causes an integer overflow that leads to a buffer overflow. | 9.3 |
| 2007-08-14 | CVE-2007-2223 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Microsoft XML Core Services Microsoft XML Core Services (MSXML) 3.0 through 6.0 allows remote attackers to execute arbitrary code via the substringData method on a (1) TextNode or (2) XMLDOM object, which causes an integer overflow that leads to a buffer overflow. | 9.3 |