Office 2003

CVEs (11)

CVE	Vendor / Product	Risk	CVSS	EPSS	Published	Description
CVE-2006-5296	Microsoft Powerpoint	0.08	—	0.68	Oct 16, 2006	PowerPoint in Microsoft Office 2003 does not properly handle a container object whose position value exceeds the record length, which allows user-assisted attackers to cause a denial of service (NULL dereference and application crash) via a crafted PowerPoint (.PPT) file, as…
CVE-2012-0165	Microsoft Office	0.05	—	0.62	May 9, 2012	GDI+ in Microsoft Windows Vista SP2 and Server 2008 SP2 and Office 2003 SP3, 2007 SP2 and SP3, and 2010 Gold and SP1 does not properly validate record types in EMF images, which allows remote attackers to execute arbitrary code via a crafted image, aka "GDI+ Record Type…
CVE-2011-0977	Microsoft Excel	0.05	—	0.63	Feb 10, 2011	Use-after-free vulnerability in Microsoft Office XP SP3, Office 2003 SP3, Office 2007 SP2, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac allows remote attackers to execute arbitrary code via malformed shape data in the Office drawing file format, aka…
CVE-2010-3946	Microsoft Office	0.05	—	0.67	Dec 16, 2010	Integer overflow in the PICT image converter in the graphics filters in Microsoft Office XP SP3, Office 2003 SP3, and Office Converter Pack allows remote attackers to execute arbitrary code via a crafted PICT image in an Office document, aka "PICT Image Converter Integer…
CVE-2010-3945	Microsoft Office	0.05	—	0.62	Dec 16, 2010	Buffer overflow in the CGM image converter in the graphics filters in Microsoft Office XP SP3, Office 2003 SP3, and Office Converter Pack allows remote attackers to execute arbitrary code via a crafted CGM image in an Office document, aka "CGM Image Converter Buffer Overrun…
CVE-2010-0815	Microsoft Office	0.04	—	0.52	May 12, 2010	VBE6.DLL in Microsoft Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Visual Basic for Applications (VBA), and VBA SDK 6.3 through 6.5 does not properly search for ActiveX controls that are embedded in documents, which allows remote attackers to execute…
CVE-2008-3460	Microsoft Office	0.04	—	0.55	Aug 12, 2008	WPGIMP32.FLT in Microsoft Office 2000 SP3, XP SP3, and 2003 SP2; Office Converter Pack; and Works 8 does not properly parse the length of a WordPerfect Graphics (WPG) file, which allows remote attackers to execute arbitrary code via a crafted WPG file, aka the "WPG Image File…
CVE-2008-3019	Microsoft Office	0.04	—	0.54	Aug 12, 2008	Microsoft Office 2000 SP3, XP SP3, and 2003 SP2; Office Converter Pack; and Works 8 do not properly parse the length of an Encapsulated PostScript (EPS) file, which allows remote attackers to execute arbitrary code via a crafted EPS file, aka the "Malformed EPS Filter…
CVE-2006-5574	Microsoft Office	0.03	—	0.44	Dec 31, 2006	Unspecified vulnerability in the Brazilian Portuguese Grammar Checker in Microsoft Office 2003 and the Multilingual Interface for Office 2003, Project 2003, and Visio 2003 allows user-assisted remote attackers to execute arbitrary code via crafted text that is not properly…
CVE-2013-3160	Microsoft Word	0.02	—	0.28	Sep 11, 2013	Microsoft Office 2003 SP3 and 2007 SP3, Word 2003 SP3 and 2007 SP3, and Word Viewer allow remote attackers to read arbitrary files via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE)…
CVE-2007-1238	Microsoft Office	0.02	—	0.21	Mar 3, 2007	Microsoft Office 2003 allows user-assisted remote attackers to cause a denial of service (application crash) by attempting to insert a corrupted WMF file.

CVE-2006-5296Oct 16, 2006
Microsoft
Powerpoint
risk 0.08cvss —epss 0.68
PowerPoint in Microsoft Office 2003 does not properly handle a container object whose position value exceeds the record length, which allows user-assisted attackers to cause a denial of service (NULL dereference and application crash) via a crafted PowerPoint (.PPT) file, as…
CVE-2012-0165May 9, 2012
Microsoft
Office
risk 0.05cvss —epss 0.62
GDI+ in Microsoft Windows Vista SP2 and Server 2008 SP2 and Office 2003 SP3, 2007 SP2 and SP3, and 2010 Gold and SP1 does not properly validate record types in EMF images, which allows remote attackers to execute arbitrary code via a crafted image, aka "GDI+ Record Type…
CVE-2011-0977Feb 10, 2011
Microsoft
Excel
risk 0.05cvss —epss 0.63
Use-after-free vulnerability in Microsoft Office XP SP3, Office 2003 SP3, Office 2007 SP2, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac allows remote attackers to execute arbitrary code via malformed shape data in the Office drawing file format, aka…
CVE-2010-3946Dec 16, 2010
Microsoft
Office
risk 0.05cvss —epss 0.67
Integer overflow in the PICT image converter in the graphics filters in Microsoft Office XP SP3, Office 2003 SP3, and Office Converter Pack allows remote attackers to execute arbitrary code via a crafted PICT image in an Office document, aka "PICT Image Converter Integer…
CVE-2010-3945Dec 16, 2010
Microsoft
Office
risk 0.05cvss —epss 0.62
Buffer overflow in the CGM image converter in the graphics filters in Microsoft Office XP SP3, Office 2003 SP3, and Office Converter Pack allows remote attackers to execute arbitrary code via a crafted CGM image in an Office document, aka "CGM Image Converter Buffer Overrun…
CVE-2010-0815May 12, 2010
Microsoft
Office
risk 0.04cvss —epss 0.52
VBE6.DLL in Microsoft Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Visual Basic for Applications (VBA), and VBA SDK 6.3 through 6.5 does not properly search for ActiveX controls that are embedded in documents, which allows remote attackers to execute…
CVE-2008-3460Aug 12, 2008
Microsoft
Office
risk 0.04cvss —epss 0.55
WPGIMP32.FLT in Microsoft Office 2000 SP3, XP SP3, and 2003 SP2; Office Converter Pack; and Works 8 does not properly parse the length of a WordPerfect Graphics (WPG) file, which allows remote attackers to execute arbitrary code via a crafted WPG file, aka the "WPG Image File…
CVE-2008-3019Aug 12, 2008
Microsoft
Office
risk 0.04cvss —epss 0.54
Microsoft Office 2000 SP3, XP SP3, and 2003 SP2; Office Converter Pack; and Works 8 do not properly parse the length of an Encapsulated PostScript (EPS) file, which allows remote attackers to execute arbitrary code via a crafted EPS file, aka the "Malformed EPS Filter…
CVE-2006-5574Dec 31, 2006
Microsoft
Office
risk 0.03cvss —epss 0.44
Unspecified vulnerability in the Brazilian Portuguese Grammar Checker in Microsoft Office 2003 and the Multilingual Interface for Office 2003, Project 2003, and Visio 2003 allows user-assisted remote attackers to execute arbitrary code via crafted text that is not properly…
CVE-2013-3160Sep 11, 2013
Microsoft
Word
risk 0.02cvss —epss 0.28
Microsoft Office 2003 SP3 and 2007 SP3, Word 2003 SP3 and 2007 SP3, and Word Viewer allow remote attackers to read arbitrary files via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE)…
CVE-2007-1238Mar 3, 2007
Microsoft
Office
risk 0.02cvss —epss 0.21
Microsoft Office 2003 allows user-assisted remote attackers to cause a denial of service (application crash) by attempting to insert a corrupted WMF file.