U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Search Results (Refine Search)

Search Parameters:
  • Results Type: Overview
  • Keyword (text search): cpe:2.3:a:microsoft:office:2003:sp2:*:*:*:*:*:*
  • CPE Name Search: true
There are 87 matching records.
Displaying matches 21 through 40.
Vuln ID Summary CVSS Severity
CVE-2008-0117

Unspecified vulnerability in Microsoft Excel 2000 SP3 and 2002 SP2, and Office 2004 and 2008 for Mac, allows user-assisted remote attackers to execute arbitrary code via crafted conditional formatting values, aka "Excel Conditional Formatting Vulnerability."

Published: March 11, 2008; 7:44:00 PM -0400
V3.x:(not available)
V2.0: 9.3 HIGH
CVE-2008-0118

Unspecified vulnerability in Microsoft Office 2000 SP3, XP SP3, 2003 SP2, Excel Viewer 2003 up to SP3, and Office 2004 for Mac allows user-assisted remote attackers to execute arbitrary code via a crafted Office document that triggers memory corruption from an "allocation error," aka "Microsoft Office Memory Corruption Vulnerability."

Published: March 11, 2008; 7:44:00 PM -0400
V3.x:(not available)
V2.0: 9.3 HIGH
CVE-2008-0103

Unspecified vulnerability in Microsoft Office 2000 SP3, Office XP SP3, Office 2003 SP2, and Office 2004 for Mac allows remote attackers to execute arbitrary code via an Office document that contains a malformed object, related to a "memory handling error," aka "Microsoft Office Execution Jump Vulnerability."

Published: February 12, 2008; 7:00:00 PM -0500
V3.x:(not available)
V2.0: 9.3 HIGH
CVE-2007-0216

wkcvqd01.dll in Microsoft Works 6 File Converter, as used in Office 2003 SP2, Works 8.0, and Works Suite 2005, allows remote attackers to execute arbitrary code via a .wps file with crafted section length headers, aka "Microsoft Works File Converter Input Validation Vulnerability."

Published: February 12, 2008; 6:00:00 PM -0500
V3.x:(not available)
V2.0: 9.3 HIGH
CVE-2008-0104

Unspecified vulnerability in Microsoft Office Publisher 2000, 2002, and 2003 SP2 allows remote attackers to execute arbitrary code via a crafted .pub file, aka "Publisher Memory Corruption Vulnerability."

Published: February 12, 2008; 6:00:00 PM -0500
V3.x:(not available)
V2.0: 9.3 HIGH
CVE-2008-0105

Microsoft Works 6 File Converter, as used in Office 2003 SP2 and SP3, Works 8.0, and Works Suite 2005, allows remote attackers to execute arbitrary code via a .wps file with crafted section header index table information, aka "Microsoft Works File Converter Index Table Vulnerability."

Published: February 12, 2008; 6:00:00 PM -0500
V3.x:(not available)
V2.0: 9.3 HIGH
CVE-2008-0108

Stack-based buffer overflow in wkcvqd01.dll in Microsoft Works 6 File Converter, as used in Office 2003 SP2 and SP3, Works 8.0, and Works Suite 2005, allows remote attackers to execute arbitrary code via a .wps file with crafted field lengths, aka "Microsoft Works File Converter Field Length Vulnerability."

Published: February 12, 2008; 6:00:00 PM -0500
V3.x:(not available)
V2.0: 9.3 HIGH
CVE-2008-0109

Word in Microsoft Office 2000 SP3, XP SP3, Office 2003 SP2, and Office Word Viewer 2003 allows remote attackers to execute arbitrary code via crafted fields within the File Information Block (FIB) of a Word file, which triggers length calculation errors and memory corruption.

Published: February 12, 2008; 6:00:00 PM -0500
V3.x:(not available)
V2.0: 9.3 HIGH
CVE-2007-2223

Microsoft XML Core Services (MSXML) 3.0 through 6.0 allows remote attackers to execute arbitrary code via the substringData method on a (1) TextNode or (2) XMLDOM object, which causes an integer overflow that leads to a buffer overflow.

Published: August 14, 2007; 5:17:00 PM -0400
V3.x:(not available)
V2.0: 9.3 HIGH
CVE-2007-3890

Microsoft Excel in Office 2000 SP3, Office XP SP3, Office 2003 SP2, and Office 2004 for Mac allows remote attackers to execute arbitrary code via a Workspace with a certain index value that triggers memory corruption.

Published: August 14, 2007; 5:17:00 PM -0400
V3.x:(not available)
V2.0: 9.3 HIGH
CVE-2007-1756

Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, 2003 Viewer, and Office Excel 2007 does not properly validate version information, which allows user-assisted remote attackers to execute arbitrary code via a crafted Excel file, aka "Calculation Error Vulnerability".

Published: July 10, 2007; 6:30:00 PM -0400
V3.x:(not available)
V2.0: 9.3 HIGH
CVE-2007-3029

Unspecified vulnerability in Microsoft Excel 2002 SP3 and 2003 SP2 allows user-assisted remote attackers to execute arbitrary code via a malformed Excel file containing multiple active worksheets, which results in memory corruption.

Published: July 10, 2007; 6:30:00 PM -0400
V3.x:(not available)
V2.0: 9.3 HIGH
CVE-2007-3282

Buffer overflow in the Microsoft Office MSODataSourceControl ActiveX object allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long argument to the DeleteRecordSourceIfUnused method.

Published: June 19, 2007; 6:30:00 PM -0400
V3.x:(not available)
V2.0: 7.8 HIGH
CVE-2007-0936

Multiple unspecified vulnerabilities in Microsoft Visio 2002 allow remote user-assisted attackers to execute arbitrary code via a Visio (.VSD, VSS, .VST) file with a crafted packed object that triggers memory corruption, aka "Visio Document Packaging Vulnerability."

Published: June 12, 2007; 3:30:00 PM -0400
V3.x:(not available)
V2.0: 9.3 HIGH
CVE-2007-3109

The CERN Image Map Dispatcher (htimage.exe) in Microsoft FrontPage allows remote attackers to determine the existence, and possibly partial contents, of arbitrary files under the web root via a relative pathname in the PATH_INFO.

Published: June 07, 2007; 5:30:00 PM -0400
V3.x:(not available)
V2.0: 6.4 MEDIUM
CVE-2007-1747

Unspecified vulnerability in MSO.dll in Microsoft Office 2000 SP3, 2002 SP3, 2003 SP2, 2004 for Mac, and 2007 allows user-assisted remote attackers to execute arbitrary code via a malformed drawing object, which triggers memory corruption.

Published: May 08, 2007; 7:19:00 PM -0400
V3.x:(not available)
V2.0: 9.3 HIGH
CVE-2007-0035

Word (or Word Viewer) in Microsoft Office 2000 SP3, XP SP3, 2003 SP2, 2004 for Mac, and Works Suite 2004, 2005, and 2006 does not properly handle data in a certain array, which allows user-assisted remote attackers to execute arbitrary code, aka the "Word Array Overflow Vulnerability."

Published: May 08, 2007; 6:19:00 PM -0400
V3.x:(not available)
V2.0: 9.3 HIGH
CVE-2007-0215

Stack-based buffer overflow in Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, and 2003 Viewer allows user-assisted remote attackers to execute arbitrary code via a .XLS BIFF file with a malformed Named Graph record, which results in memory corruption.

Published: May 08, 2007; 6:19:00 PM -0400
V3.x:(not available)
V2.0: 7.6 HIGH
CVE-2007-1238

Microsoft Office 2003 allows user-assisted remote attackers to cause a denial of service (application crash) by attempting to insert a corrupted WMF file.

Published: March 03, 2007; 2:19:00 PM -0500
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2007-0208

Microsoft Word in Office 2000 SP3, XP SP3, Office 2003 SP2, Works Suite 2004 to 2006, and Office 2004 for Mac does not correctly check the properties of certain documents and warn the user of macro content, which allows user-assisted remote attackers to execute arbitrary code.

Published: February 13, 2007; 4:28:00 PM -0500
V3.x:(not available)
V2.0: 9.3 HIGH