Vulnerabilities > Microsoft > Critical

DATE CVE VULNERABILITY TITLE RISK
2007-05-08 CVE-2007-2221 Unspecified vulnerability in Microsoft Internet Explorer
Unspecified vulnerability in the mdsauth.dll COM object in Microsoft Windows Media Server in the Microsoft Internet Explorer 5.01 SP4 on Windows 2000 SP4; 6 SP1 on Windows 2000 SP4; 6 and 7 on Windows XP SP2, or Windows Server 2003 SP1 or SP2; or 7 on Windows Vista allows remote attackers to overwrite arbitrary files via unspecified vectors, aka the "Arbitrary File Rewrite Vulnerability."
network
microsoft
critical
9.3
2007-05-08 CVE-2007-1747 Resource Management Errors vulnerability in Microsoft Office
Unspecified vulnerability in MSO.dll in Microsoft Office 2000 SP3, 2002 SP3, 2003 SP2, 2004 for Mac, and 2007 allows user-assisted remote attackers to execute arbitrary code via a malformed drawing object, which triggers memory corruption.
network
microsoft CWE-399
critical
9.3
2007-05-08 CVE-2007-0947 Resource Management Errors vulnerability in Microsoft Internet Explorer 6/7.0
Use-after-free vulnerability in Microsoft Internet Explorer 7 on Windows XP SP2, Windows Server 2003 SP1 or SP2, or Windows Vista allows remote attackers to execute arbitrary code via crafted HTML objects, resulting in accessing deallocated memory of CMarkup objects, aka the second of two "HTML Objects Memory Corruption Vulnerabilities" and a different issue than CVE-2007-0946.
network
microsoft CWE-399
critical
9.3
2007-05-08 CVE-2007-0946 Unspecified vulnerability in Microsoft Internet Explorer 7.0
Unspecified vulnerability in Microsoft Internet Explorer 7 on Windows XP SP2, Windows Server 2003 SP1 or SP2, or Windows Vista allows remote attackers to execute arbitrary code via crafted HTML objects, which results in memory corruption, aka the first of two "HTML Objects Memory Corruption Vulnerabilities" and a different issue than CVE-2007-0947.
network
microsoft
critical
9.3
2007-05-08 CVE-2007-0945 Unspecified vulnerability in Microsoft Internet Explorer 6/6.0/7.0
Microsoft Internet Explorer 6 SP1 on Windows 2000 SP4; 6 and 7 on Windows XP SP2, or Windows Server 2003 SP1 or SP2; and 7 on Windows Vista allows remote attackers to execute arbitrary code via certain property methods that may trigger memory corruption, aka "Property Memory Corruption Vulnerability."
network
microsoft
critical
9.3
2007-05-08 CVE-2007-0944 Unspecified vulnerability in Microsoft IE and Internet Explorer
Unspecified vulnerability in the CTableCol::OnPropertyChange method in Microsoft Internet Explorer 5.01 SP4 on Windows 2000 SP4; 6 SP1 on Windows 2000 SP4; and 6 on Windows XP SP2, or Windows Server 2003 SP1 or SP2 allows remote attackers to execute arbitrary code by calling deleteCell on a named table row in a named table column, then accessing the column, which causes Internet Explorer to access previously deleted objects, aka the "Uninitialized Memory Corruption Vulnerability."
network
microsoft
critical
9.3
2007-05-08 CVE-2007-0942 Unspecified vulnerability in Microsoft IE and Internet Explorer
Microsoft Internet Explorer 5.01 SP4 on Windows 2000 SP4; 6 SP1 on Windows 2000 SP4; 6 and 7 on Windows XP SP2, or Windows Server 2003 SP1 or SP2; and possibly 7 on Windows Vista does not properly "instantiate certain COM objects as ActiveX controls," which allows remote attackers to execute arbitrary code via a crafted COM object from chtskdic.dll.
network
microsoft
critical
9.3
2007-05-08 CVE-2007-0940 Remote Code Execution vulnerability in Microsoft Biztalk Server and Capicom
Unspecified vulnerability in the Cryptographic API Component Object Model Certificates ActiveX control (CAPICOM.dll) in Microsoft CAPICOM and BizTalk Server 2004 SP1 and SP2 allows remote attackers to execute arbitrary code via unspecified vectors, aka the "CAPICOM.Certificates Vulnerability."
network
microsoft
critical
9.3
2007-05-08 CVE-2007-0213 Improper Input Validation vulnerability in Microsoft Exchange Server 2000/2003/2007
Microsoft Exchange Server 2000 SP3, 2003 SP1 and SP2, and 2007 does not properly decode certain MIME encoded e-mails, which allows remote attackers to execute arbitrary code via a crafted base64-encoded MIME e-mail message.
network
low complexity
microsoft CWE-20
critical
10.0
2007-05-08 CVE-2007-1203 Remote Code Execution vulnerability in Microsoft Excel Set Font
Unspecified vulnerability in Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, 2003 Viewer, 2004 for Mac, and 2007 allows user-assisted remote attackers to execute arbitrary code via a crafted set font value in an Excel file, which results in memory corruption.
network
microsoft
critical
9.3