Vulnerabilities > Microsoft > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2007-01-08 | CVE-2007-0099 | Race Condition vulnerability in Microsoft Internet Explorer and XML Core Services Race condition in the msxml3 module in Microsoft XML Core Services 3.0, as used in Internet Explorer 6 and other applications, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via many nested tags in an XML document in an IFRAME, when synchronous document rendering is frequently disrupted with asynchronous events, as demonstrated using a JavaScript timer, which can trigger NULL pointer dereferences or memory corruption, aka "MSXML Memory Corruption Vulnerability." | 9.3 |
| 2006-12-31 | CVE-2006-6902 | Remote Security vulnerability in Microsoft Windows 2003 Server Mobilepocketpc Unspecified vulnerability in the Bluetooth stack in Microsoft Windows Mobile Pocket PC edition allows remote attackers to gain administrative access (aka Remote Root) via unspecified vectors. | 10.0 |
| 2006-12-31 | CVE-2006-6901 | Remote Security vulnerability in Microsoft Windows 2003 Server R2 Unspecified vulnerability in the Bluetooth stack in Microsoft Windows allows remote attackers to gain administrative access (aka Remote Root) via unspecified vectors. | 10.0 |
| 2006-12-31 | CVE-2006-5574 | Remote Code Execution vulnerability in Microsoft Office Brazilian Portuguese Grammar Checker Unspecified vulnerability in the Brazilian Portuguese Grammar Checker in Microsoft Office 2003 and the Multilingual Interface for Office 2003, Project 2003, and Visio 2003 allows user-assisted remote attackers to execute arbitrary code via crafted text that is not properly parsed. | 9.3 |
| 2006-12-31 | CVE-2006-4695 | Code Injection vulnerability in Microsoft Office web Components 2000 Unspecified vulnerability in certain COM objects in Microsoft Office Web Components 2000 allows user-assisted remote attackers to execute arbitrary code via a crafted URL, aka "Office Web Components URL Parsing Vulnerability." | 9.3 |
| 2006-12-14 | CVE-2006-6561 | Unspecified vulnerability in Microsoft products Unspecified vulnerability in Microsoft Word 2000, 2002, and Word Viewer 2003 allows user-assisted remote attackers to execute arbitrary code via a crafted DOC file that triggers memory corruption, as demonstrated via the 12122006-djtest.doc file, a different issue than CVE-2006-5994 and CVE-2006-6456. | 9.3 |
| 2006-12-12 | CVE-2006-5583 | Remote Code Execution vulnerability in Microsoft Windows 2003 Server 2000/Sp1/Xpsp2 Buffer overflow in the SNMP Service in Microsoft Windows 2000 SP4, XP SP2, Server 2003, Server 2003 SP1, and possibly other versions allows remote attackers to execute arbitrary code via a crafted SNMP packet, aka "SNMP Memory Corruption Vulnerability." | 10.0 |
| 2006-12-12 | CVE-2006-5581 | Unspecified vulnerability in Microsoft Internet Explorer Unspecified vulnerability in Microsoft Internet Explorer 6 allows remote attackers to execute arbitrary code via certain DHTML script functions, such as normalize, and "incorrectly created elements" that trigger memory corruption, aka "DHTML Script Function Memory Corruption Vulnerability." | 9.3 |
| 2006-12-12 | CVE-2006-5579 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Microsoft Internet Explorer 6 Microsoft Internet Explorer 6 allows remote attackers to execute arbitrary code by using JavaScript to cause certain errors simultaneously, which results in the access of previously freed memory, aka "Script Error Handling Memory Corruption Vulnerability." | 9.3 |
| 2006-12-11 | CVE-2006-6456 | Unspecified vulnerability in Microsoft products Unspecified vulnerability in Microsoft Word 2000, 2002, and 2003 and Word Viewer 2003 allows remote attackers to execute code via unspecified vectors related to malformed data structures that trigger memory corruption, a different vulnerability than CVE-2006-5994. | 9.3 |