Vulnerabilities > Microsoft > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2006-10-10 | CVE-2006-3647 | Numeric Errors vulnerability in Microsoft Office Integer overflow in Microsoft Word 2000, 2002, 2003, 2004 for Mac, and v.X for Mac allows remote user-assisted attackers to execute arbitrary code via a crafted string in a Word document, which overflows a 16-bit integer length value, aka "Memmove Code Execution," a different vulnerability than CVE-2006-3651 and CVE-2006-4693. | 9.3 |
| 2006-10-10 | CVE-2006-3434 | Remote Code Execution vulnerability in Microsoft Office Improper Memory Access Unspecified vulnerability in Microsoft Office 2000, XP, 2003, 2004 for Mac, and v.X for Mac allows remote user-assisted attackers to execute arbitrary code via a crafted string that triggers memory corruption. | 9.3 |
| 2006-10-10 | CVE-2006-3876 | Code Injection vulnerability in Microsoft Office Unspecified vulnerability in PowerPoint in Microsoft Office 2000, Office 2002, Office 2003, Office 2004 for Mac, and Office v.X for Mac allows user-assisted attackers to execute arbitrary code via a crafted Data record in a PPT file, a different vulnerability than CVE-2006-3435 and CVE-2006-4694. | 9.3 |
| 2006-10-10 | CVE-2006-3435 | Code Injection vulnerability in Microsoft Office PowerPoint in Microsoft Office 2000, XP, 2003, 2004 for Mac, and v.X for Mac does not properly parse the slide notes field in a document, which allows remote user-assisted attackers to execute arbitrary code via crafted data in this field, which triggers an erroneous object pointer calculation that uses data from within the document. | 9.3 |
| 2006-09-27 | CVE-2006-4694 | Code Injection vulnerability in Microsoft Office 2000/2003/Xp Unspecified vulnerability in PowerPoint in Microsoft Office 2000, Office XP and Office 2003 allows user-assisted attackers to execute arbitrary code via a crafted record in a PPT file, as exploited by malware such as Exploit:Win32/Controlppt.W, Exploit:Win32/Controlppt.X, and Exploit-PPT.d/Trojan.PPDropper.F. | 9.3 |
| 2006-09-19 | CVE-2006-4868 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Microsoft Internet Explorer and Outlook Stack-based buffer overflow in the Vector Graphics Rendering engine (vgx.dll), as used in Microsoft Outlook and Internet Explorer 6.0 on Windows XP SP2, and possibly other versions, allows remote attackers to execute arbitrary code via a Vector Markup Language (VML) file with a long fill parameter within a rect tag. | 9.3 |
| 2006-09-13 | CVE-2006-4732 | Remote Security vulnerability in Microsoft Visual Basic 6.0 Unspecified vulnerability in Microsoft Visual Basic (VB) 6 has an unknown impact ("overflow") via a project that contains a certain Click event procedure, as demonstrated using the msgbox function and the VB.Label object. | 10.0 |
| 2006-09-12 | CVE-2006-0001 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Microsoft Office and Publisher Stack-based buffer overflow in Microsoft Publisher 2000 through 2003 allows user-assisted remote attackers to execute arbitrary code via a crafted PUB file, which causes an overflow when parsing fonts. | 9.3 |
| 2006-09-05 | CVE-2006-4534 | Remote Code Execution vulnerability in Microsoft Office 2000/2001/2003 Unspecified vulnerability in Microsoft Word 2000, 2002, and Office 2003 allows remote user-assisted attackers to execute arbitrary code via unspecified vectors involving a crafted file resulting in a malformed stack, as exploited by malware with names including Trojan.Mdropper.Q, Mofei, and Femo. | 9.3 |
| 2006-08-09 | CVE-2006-3441 | Buffer Overrun vulnerability in Microsoft Windows 2000, Windows 2003 Server and Windows XP Buffer overflow in the DNS Client service in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 allows remote attackers to execute arbitrary code via a crafted record response. | 10.0 |