Vulnerabilities > Microsoft > Word > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2008-02-12 | CVE-2008-0109 | Resource Management Errors vulnerability in Microsoft Office and Word Word in Microsoft Office 2000 SP3, XP SP3, Office 2003 SP2, and Office Word Viewer 2003 allows remote attackers to execute arbitrary code via crafted fields within the File Information Block (FIB) of a Word file, which triggers length calculation errors and memory corruption. | 9.3 |
| 2007-10-09 | CVE-2007-3899 | Code Injection vulnerability in Microsoft Office and Word Unspecified vulnerability in Microsoft Word 2000 SP3, Word 2002 SP3, and Office 2004 for Mac allows user-assisted remote attackers to execute arbitrary code via a malformed string in a Word file, aka "Word Memory Corruption Vulnerability." | 9.3 |
| 2007-02-13 | CVE-2007-0208 | Improper Input Validation vulnerability in Microsoft products Microsoft Word in Office 2000 SP3, XP SP3, Office 2003 SP2, Works Suite 2004 to 2006, and Office 2004 for Mac does not correctly check the properties of certain documents and warn the user of macro content, which allows user-assisted remote attackers to execute arbitrary code. | 9.3 |
| 2007-02-03 | CVE-2007-0671 | Remote Code Execution vulnerability in Microsoft Office Malformed String Unspecified vulnerability in Microsoft Excel 2000, XP, 2003, and 2004 for Mac, and possibly other Office products, allows remote user-assisted attackers to execute arbitrary code via unknown attack vectors, as demonstrated by Exploit-MSExcel.h in targeted zero-day attacks. | 9.3 |
| 2007-01-26 | CVE-2007-0515 | Unspecified vulnerability in Microsoft products Unspecified vulnerability in Microsoft Word allows user-assisted remote attackers to execute arbitrary code on Word 2000, and cause a denial of service on Word 2003, via unknown attack vectors that trigger memory corruption, as exploited by Trojan.Mdropper.W and later by Trojan.Mdropper.X, a different issue than CVE-2006-6456, CVE-2006-5994, and CVE-2006-6561. | 9.3 |
| 2006-12-14 | CVE-2006-6561 | Unspecified vulnerability in Microsoft products Unspecified vulnerability in Microsoft Word 2000, 2002, and Word Viewer 2003 allows user-assisted remote attackers to execute arbitrary code via a crafted DOC file that triggers memory corruption, as demonstrated via the 12122006-djtest.doc file, a different issue than CVE-2006-5994 and CVE-2006-6456. | 9.3 |
| 2006-12-11 | CVE-2006-6456 | Unspecified vulnerability in Microsoft products Unspecified vulnerability in Microsoft Word 2000, 2002, and 2003 and Word Viewer 2003 allows remote attackers to execute code via unspecified vectors related to malformed data structures that trigger memory corruption, a different vulnerability than CVE-2006-5994. | 9.3 |
| 2006-12-06 | CVE-2006-5994 | Remote Code Execution vulnerability in Microsoft Word Malformed String Arbitrary Unspecified vulnerability in Microsoft Word 2000 and 2002, Office Word and Word Viewer 2003, Word 2004 and 2004 v. | 9.3 |
| 2006-10-10 | CVE-2006-3651 | Remote Code Execution vulnerability in Microsoft Word Mail Merge Unspecified vulnerability in Microsoft Word 2000, 2002, and Office 2003 allows remote user-assisted attackers to execute arbitrary code via a crafted mail merge file, a different vulnerability than CVE-2006-3647 and CVE-2006-4693. | 9.3 |
| 2006-10-10 | CVE-2006-3877 | Code Injection vulnerability in Microsoft products Unspecified vulnerability in PowerPoint in Microsoft Office 2000, Office 2002, Office 2003, Office 2004 for Mac, and Office v.X for Mac allows user-assisted attackers to execute arbitrary code via an unspecified "crafted file," a different vulnerability than CVE-2006-3435, CVE-2006-4694, and CVE-2006-3876. | 9.3 |