Search Results (Refine Search)
- Results Type: Overview
- Keyword (text search): cpe:2.3:a:microsoft:office:2003:sp1:*:*:*:*:*:*
- CPE Name Search: true
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2008-1898 |
A certain ActiveX control in WkImgSrv.dll 7.03.0616.0, as distributed in Microsoft Works 7 and Microsoft Office 2003 and 2007, allows remote attackers to execute arbitrary code or cause a denial of service (browser crash) via an invalid WksPictureInterface property value, which triggers an improper function call. Published: April 21, 2008; 1:05:00 PM -0400 |
V3.x:(not available) V2.0: 9.3 HIGH |
CVE-2008-0109 |
Word in Microsoft Office 2000 SP3, XP SP3, Office 2003 SP2, and Office Word Viewer 2003 allows remote attackers to execute arbitrary code via crafted fields within the File Information Block (FIB) of a Word file, which triggers length calculation errors and memory corruption. Published: February 12, 2008; 6:00:00 PM -0500 |
V3.x:(not available) V2.0: 9.3 HIGH |
CVE-2007-1756 |
Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, 2003 Viewer, and Office Excel 2007 does not properly validate version information, which allows user-assisted remote attackers to execute arbitrary code via a crafted Excel file, aka "Calculation Error Vulnerability". Published: July 10, 2007; 6:30:00 PM -0400 |
V3.x:(not available) V2.0: 9.3 HIGH |
CVE-2007-3282 |
Buffer overflow in the Microsoft Office MSODataSourceControl ActiveX object allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long argument to the DeleteRecordSourceIfUnused method. Published: June 19, 2007; 6:30:00 PM -0400 |
V3.x:(not available) V2.0: 7.8 HIGH |
CVE-2007-0936 |
Multiple unspecified vulnerabilities in Microsoft Visio 2002 allow remote user-assisted attackers to execute arbitrary code via a Visio (.VSD, VSS, .VST) file with a crafted packed object that triggers memory corruption, aka "Visio Document Packaging Vulnerability." Published: June 12, 2007; 3:30:00 PM -0400 |
V3.x:(not available) V2.0: 9.3 HIGH |
CVE-2007-3109 |
The CERN Image Map Dispatcher (htimage.exe) in Microsoft FrontPage allows remote attackers to determine the existence, and possibly partial contents, of arbitrary files under the web root via a relative pathname in the PATH_INFO. Published: June 07, 2007; 5:30:00 PM -0400 |
V3.x:(not available) V2.0: 6.4 MEDIUM |
CVE-2007-0035 |
Word (or Word Viewer) in Microsoft Office 2000 SP3, XP SP3, 2003 SP2, 2004 for Mac, and Works Suite 2004, 2005, and 2006 does not properly handle data in a certain array, which allows user-assisted remote attackers to execute arbitrary code, aka the "Word Array Overflow Vulnerability." Published: May 08, 2007; 6:19:00 PM -0400 |
V3.x:(not available) V2.0: 9.3 HIGH |
CVE-2007-1238 |
Microsoft Office 2003 allows user-assisted remote attackers to cause a denial of service (application crash) by attempting to insert a corrupted WMF file. Published: March 03, 2007; 2:19:00 PM -0500 |
V3.x:(not available) V2.0: 4.3 MEDIUM |
CVE-2006-1311 |
The RichEdit component in Microsoft Windows 2000 SP4, XP SP2, and 2003 SP1; Office 2000 SP3, XP SP3, 2003 SP2, and Office 2004 for Mac; and Learning Essentials for Microsoft Office 1.0, 1.1, and 1.5 allows user-assisted remote attackers to execute arbitrary code via a malformed OLE object in an RTF file, which triggers memory corruption. Published: February 13, 2007; 3:28:00 PM -0500 |
V3.x:(not available) V2.0: 9.3 HIGH |
CVE-2006-2387 |
Unspecified vulnerability in Microsoft Excel 2000, 2002, 2003, 2004 for Mac, v.X for Mac, Excel Viewer 2003, and Microsoft Works Suite 2004 through 2006 allows user-assisted attackers to execute arbitrary code via a crafted DATETIME record in an XLS file, a different vulnerability than CVE-2006-3867 and CVE-2006-3875. Published: October 10, 2006; 6:07:00 PM -0400 |
V3.x:(not available) V2.0: 5.1 MEDIUM |
CVE-2006-3434 |
Unspecified vulnerability in Microsoft Office 2000, XP, 2003, 2004 for Mac, and v.X for Mac allows remote user-assisted attackers to execute arbitrary code via a crafted string that triggers memory corruption. Published: October 10, 2006; 6:07:00 PM -0400 |
V3.x:(not available) V2.0: 9.3 HIGH |
CVE-2006-3647 |
Integer overflow in Microsoft Word 2000, 2002, 2003, 2004 for Mac, and v.X for Mac allows remote user-assisted attackers to execute arbitrary code via a crafted string in a Word document, which overflows a 16-bit integer length value, aka "Memmove Code Execution," a different vulnerability than CVE-2006-3651 and CVE-2006-4693. Published: October 10, 2006; 6:07:00 PM -0400 |
V3.x:(not available) V2.0: 9.3 HIGH |
CVE-2006-3650 |
Microsoft Office 2000, XP, 2003, 2004 for Mac, and v.X for Mac do not properly parse the length of a chart record, which allows remote user-assisted attackers to execute arbitrary code via a Word document with an embedded malformed chart record that triggers an overwrite of pointer values with values from the document, a different vulnerability than CVE-2006-3434, CVE-2006-3864, and CVE-2006-3868. Published: October 10, 2006; 6:07:00 PM -0400 |
V3.x:(not available) V2.0: 9.3 HIGH |
CVE-2006-3651 |
Unspecified vulnerability in Microsoft Word 2000, 2002, and Office 2003 allows remote user-assisted attackers to execute arbitrary code via a crafted mail merge file, a different vulnerability than CVE-2006-3647 and CVE-2006-4693. Published: October 10, 2006; 6:07:00 PM -0400 |
V3.x:(not available) V2.0: 9.3 HIGH |
CVE-2006-3864 |
Unspecified vulnerability in mso.dll in Microsoft Office 2000, XP, and 2003, and Microsoft PowerPoint 2000, XP, and 2003, allows remote user-assisted attackers to execute arbitrary code via a malformed record in a (1) .DOC, (2) .PPT, or (3) .XLS file that triggers memory corruption, related to an "array boundary condition" (possibly an array index overflow), a different vulnerability than CVE-2006-3434, CVE-2006-3650, and CVE-2006-3868. Published: October 10, 2006; 6:07:00 PM -0400 |
V3.x:(not available) V2.0: 9.3 HIGH |
CVE-2006-3868 |
Unspecified vulnerability in Microsoft Office XP and 2003 allows remote user-assisted attackers to execute arbitrary code via a malformed Smart Tag. Published: October 10, 2006; 6:07:00 PM -0400 |
V3.x:(not available) V2.0: 5.1 MEDIUM |
CVE-2006-3435 |
PowerPoint in Microsoft Office 2000, XP, 2003, 2004 for Mac, and v.X for Mac does not properly parse the slide notes field in a document, which allows remote user-assisted attackers to execute arbitrary code via crafted data in this field, which triggers an erroneous object pointer calculation that uses data from within the document. NOTE: this issue is different than other PowerPoint vulnerabilities including CVE-2006-4694. Published: October 10, 2006; 5:07:00 PM -0400 |
V3.x:(not available) V2.0: 9.3 HIGH |
CVE-2006-3876 |
Unspecified vulnerability in PowerPoint in Microsoft Office 2000, Office 2002, Office 2003, Office 2004 for Mac, and Office v.X for Mac allows user-assisted attackers to execute arbitrary code via a crafted Data record in a PPT file, a different vulnerability than CVE-2006-3435 and CVE-2006-4694. Published: October 10, 2006; 5:07:00 PM -0400 |
V3.x:(not available) V2.0: 9.3 HIGH |
CVE-2006-4694 |
Unspecified vulnerability in PowerPoint in Microsoft Office 2000, Office XP and Office 2003 allows user-assisted attackers to execute arbitrary code via a crafted record in a PPT file, as exploited by malware such as Exploit:Win32/Controlppt.W, Exploit:Win32/Controlppt.X, and Exploit-PPT.d/Trojan.PPDropper.F. NOTE: it has been reported that the attack vector involves SlideShowWindows.View.GotoNamedShow. Published: September 27, 2006; 3:07:00 PM -0400 |
V3.x:(not available) V2.0: 9.3 HIGH |
CVE-2006-0001 |
Stack-based buffer overflow in Microsoft Publisher 2000 through 2003 allows user-assisted remote attackers to execute arbitrary code via a crafted PUB file, which causes an overflow when parsing fonts. Published: September 12, 2006; 7:07:00 PM -0400 |
V3.x:(not available) V2.0: 9.3 HIGH |