| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Untrusted pointer dereference in Microsoft Office Word allows an unauthorized attacker to execute code locally. |
| Microsoft Office Security Feature Bypass Vulnerability |
| Microsoft Word Information Disclosure Vulnerability |
| External control of file name or path in Microsoft Office Word allows an unauthorized attacker to disclose information over a network. |
| Microsoft Word Security Feature Bypass Vulnerability |
| Improper access control in Microsoft Office allows an unauthorized attacker to perform spoofing locally. |
| Microsoft Word Remote Code Execution Vulnerability |
| Microsoft Word Information Disclosure Vulnerability |
| Microsoft Office Word Tampering Vulnerability |
| Microsoft Office Security Feature Bypass Vulnerability |
| Microsoft Office Remote Code Execution Vulnerability |
| Files or directories accessible to external parties in Microsoft Office Word allows an unauthorized attacker to disclose information locally. |
| Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally. |
| Access of resource using incompatible type ('type confusion') in Microsoft Office Word allows an unauthorized attacker to execute code locally. |
| Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally. |
| Improper access control in Microsoft Office Word allows an authorized attacker to perform spoofing locally. |
| Unspecified vulnerability in Microsoft Word in Office 2000 and XP SP3, 2003 SP2 and SP3, and 2007 Office System SP1 and earlier allows remote attackers to execute arbitrary code via a Rich Text Format (.rtf) file with a malformed string that triggers a "memory calculation error" and a heap-based buffer overflow, aka "Object Parsing Vulnerability." |
| Word in Microsoft Office 2000 SP3, XP SP3, Office 2003 SP2, and Office Word Viewer 2003 allows remote attackers to execute arbitrary code via crafted fields within the File Information Block (FIB) of a Word file, which triggers length calculation errors and memory corruption. |
| Buffer overflow in msjet40.dll before 4.0.9505.0 in Microsoft Jet Database Engine allows remote attackers to execute arbitrary code via a crafted Word file, as exploited in the wild in March 2008. NOTE: as of 20080513, Microsoft has stated that this is the same issue as CVE-2007-6026. |
| Microsoft XML Core Services (MSXML) 3.0 through 6.0 allows remote attackers to execute arbitrary code via the substringData method on a (1) TextNode or (2) XMLDOM object, which causes an integer overflow that leads to a buffer overflow. |
