Vulnerabilities > Microsoft > Word > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2013-09-11 | CVE-2013-3160 | Information Exposure vulnerability in Microsoft Office, Word and Word Viewer: Microsoft Office 2003 SP3 and 2007 SP3, Word 2003 SP3 and 2007 SP3, and Word Viewer allow remote attackers to read arbitrary files via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, aka "XML External Entities Resolution Vulnerability." | 5.0 |
2012-02-15 | CVE-2012-0765 | Cross-Site Scripting vulnerability in Adobe Robohelp: Multiple cross-site scripting (XSS) vulnerabilities in Adobe RoboHelp 8 and 9 for Word allow remote attackers to inject arbitrary web script or HTML via a crafted URL, related to certain .htm files in (1) template_stock and (2) template_csh directories. | 4.3 |
2010-09-20 | CVE-2010-3200 | Unspecified vulnerability in Microsoft Word 2003: MSO.dll in Microsoft Word 2003 SP3 11.8326.11.8324 allows remote attackers to cause a denial of service (NULL pointer dereference and multiple-instance application crash) via a crafted buffer in a Word document, as demonstrated by word_crash_11.8326.8324_poc.doc. | 4.3 |
2009-02-05 | CVE-2008-6063 | Information Exposure vulnerability in Microsoft Word 2007: Microsoft Word 2007, when the "Save as PDF" add-on is enabled, places an absolute pathname in the Subject field during an "Email as PDF" operation, which allows remote attackers to obtain sensitive information such as the sender's account name and a Temporary Internet Files subdirectory name. | 4.3 |
2007-05-08 | CVE-2007-1202 | Improper Input Validation vulnerability in Microsoft Word, Word Viewer and Works: Word (or Word Viewer) in Microsoft Office 2000 SP3, XP SP3, 2003 SP2, 2004 for Mac, and Works Suite 2004, 2005, and 2006 does not properly parse certain rich text "property strings of certain control words," which allows user-assisted remote attackers to trigger heap corruption and execute arbitrary code, aka the "Word RTF Parsing Vulnerability." | 6.8 |
2007-04-10 | CVE-2007-1910 | Document File Buffer Overflow vulnerability in Microsoft Word 2007: Buffer overflow in wwlib.dll in Microsoft Word 2007 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted document, as demonstrated by file789-1.doc. | 6.8 |
2005-05-02 | CVE-2005-0558 | Unspecified vulnerability in Microsoft Word 2000/2002/2003: Buffer overflow in Microsoft Word 2000, Word 2002, and Word 2003 allows remote attackers to execute arbitrary code via a crafted document. | 5.1 |
2003-04-11 | CVE-2002-1143 | Unspecified vulnerability in Microsoft Excel and Word: Microsoft Word and Excel allow remote attackers to steal sensitive information via certain field codes that insert the information when the document is returned to the attacker, as demonstrated in Word using (1) INCLUDETEXT or (2) INCLUDEPICTURE, aka "Flaw in Word Fields and Excel External Updates Could Lead to Information Disclosure." | 5.0 |
2001-07-21 | CVE-2001-0501 | Unspecified vulnerability in Microsoft Word: Microsoft Word 2002 and earlier allows attackers to automatically execute macros without warning the user by embedding the macros in a manner that escapes detection by the security scanner. | 4.6 |
2001-06-27 | CVE-2001-0240 | Unspecified vulnerability in Microsoft Word: Microsoft Word before Word 2002 allows attackers to automatically execute macros without warning the user via a Rich Text Format (RTF) document that links to a template with the embedded macro. | 4.6 |