All four critical patches address vulnerabilities that would allow remote code execution. On top of the list are the updates for flaws in Outlook Express and Windows Mail, and Internet Explorer, followed by Word and Kodak Image Viewer. Detailed descriptions are available down below:

Outlook Express and Windows Mail – the vulnerability could allow remote code execution due to an incorrectly handled malformed NNTP response. An attacker could exploit the vulnerability by constructing a specially crafted Web page.

Internet Explorer – The vulnerability with the most serious security impact could allow remote code execution if a user viewed a specially crafted Web page using Internet Explorer.

Microsoft Word – This security update resolves a privately reported vulnerability in Microsoft Word that could allow remote code execution if a user opens a specially crafted Word file with a malformed string.

Kodak Image Viewer – a remote code execution vulnerability exists in the way that the Kodak Image Viewer, formerly known as Wang Image Viewer, handles specifically crafted images files. The vulnerability could allow an attacker to remotely execute code on the affected system.

The other two patches address a denial of service vulnerability in Windows RPC and a bug in Windows SharePoint Services 3.0 and Office SharePoint Server 2007, which could result in elevation of privilege.