Critical.
Affected Software:
For a list of operating system and product versions affected, please see the Microsoft Bulletin reference below.
Additional Information:
The vulnerability lies in "winproj.exe", which is used when processing a Project file. A maliciously crafted document may contain a list structure with a malformed element field, that when processed, will result in memory corruption and allow a remote attacker to arbitrarily execute code on the victims machine.
=====
Critical
Affected Software:
==================
For a list of operating system and product versions affected, please see the Microsoft Bulletin reference below.
Additional Information:
=======================
The vulnerability occurs when Internet Explorer processes special DHTML functions. A crash may happen when destroying a window after making a sequence of calls on the "tr" element. These calls are linked to the insertion, deletion and attributes of a table cell. The crash may then allow the arbitrary execution of code on the browsers machine.
=====
Critical
Affected Software:
==================
For a list of operating system and product versions affected, please see the Microsoft Bulletin reference below.
Additional Information:
=======================
The vulnerability lies in "excel.exe", which is used when processing an Excel file. A maliciously crafted document will cause Excel to crash when processing. The crash occurs while calculating memory using an offset and a two-byte value contained in the document. If the two-byte value is set to a high value, an overflow condition will occur during memory calculation. A remote attacker can potentially control the memory referenced as a result of the overflow to alter program flow, and execute arbitrary code on a victims machine.
