Vulnerabilities > Microsoft > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2006-09-12 | CVE-2006-0001 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Microsoft Office and Publisher Stack-based buffer overflow in Microsoft Publisher 2000 through 2003 allows user-assisted remote attackers to execute arbitrary code via a crafted PUB file, which causes an overflow when parsing fonts. | 9.3 |
| 2006-09-05 | CVE-2006-4534 | Remote Code Execution vulnerability in Microsoft Office 2000/2001/2003 Unspecified vulnerability in Microsoft Word 2000, 2002, and Office 2003 allows remote user-assisted attackers to execute arbitrary code via unspecified vectors involving a crafted file resulting in a malformed stack, as exploited by malware with names including Trojan.Mdropper.Q, Mofei, and Femo. | 9.3 |
| 2006-08-09 | CVE-2006-3441 | Buffer Overrun vulnerability in Microsoft Windows 2000, Windows 2003 Server and Windows XP Buffer overflow in the DNS Client service in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 allows remote attackers to execute arbitrary code via a crafted record response. | 10.0 |
| 2006-08-09 | CVE-2006-3440 | Buffer Overflow vulnerability in Microsoft Windows 2000, Windows 2003 Server and Windows XP Buffer overflow in the Winsock API in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 allows remote attackers to execute arbitrary code via unknown vectors, aka "Winsock Hostname Vulnerability." | 10.0 |
| 2006-08-09 | CVE-2006-3439 | Remote Buffer Overflow vulnerability in Microsoft Windows 2000, Windows 2003 Server and Windows XP Buffer overflow in the Server Service in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 allows remote attackers, including anonymous users, to execute arbitrary code via a crafted RPC message, a different vulnerability than CVE-2006-1314. | 10.0 |
| 2006-08-09 | CVE-2006-3438 | Remote Buffer Overflow vulnerability in Microsoft Hyperlink Object Library Function Unspecified vulnerability in Microsoft Hyperlink Object Library (hlink.dll), possibly a buffer overflow, allows user-assisted attackers to execute arbitrary code via crafted hyperlinks that are not properly handled when hlink.dll "uses a file containing a malformed function," aka "Hyperlink Object Function Vulnerability." | 9.3 |
| 2006-07-21 | CVE-2006-3730 | Code Injection vulnerability in Microsoft IE and Internet Explorer Integer overflow in Microsoft Internet Explorer 6 on Windows XP SP2 allows remote attackers to cause a denial of service (crash) and execute arbitrary code via a 0x7fffffff argument to the setSlice method on a WebViewFolderIcon ActiveX object, which leads to an invalid memory copy. | 9.3 |
| 2006-07-13 | CVE-2006-1309 | Code Injection vulnerability in Microsoft Excel and Excel Viewer Microsoft Excel 2000 through 2004 allows user-assisted attackers to execute arbitrary code via a .xls file with a crafted LABEL record that triggers memory corruption. | 9.3 |
| 2006-07-13 | CVE-2006-1308 | Remote Code Execution vulnerability in Microsoft Excel FNGROUPCOUNT Record Unspecified vulnerability in Microsoft Excel 2000 through 2004 allows user-assisted attackers to execute arbitrary code via a .xls file with a crafted FNGROUPCOUNT value. | 9.3 |
| 2006-07-13 | CVE-2006-1301 | Code Injection vulnerability in Microsoft Excel and Excel Viewer Microsoft Excel 2000 through 2004 allows user-assisted attackers to execute arbitrary code via a .xls file with a crafted SELECTION record that triggers memory corruption, a different vulnerability than CVE-2006-1302. | 9.3 |