Abstract: In this paper, critical vulnerability is examined in terms of its essence, analysis and exploitation. First, the paper defines critical vulnerability, presents a necessary and sufficient condition for the existence of a critical vulnerability, and proves that no universal detecting procedure for critical vulnerabilities exists. Second, the paper proposes three basic conditions for judging whether a procedure has a critical vulnerability, examines backtracking analysis as the essential method for analyzing critical vulnerabilities, and proves that the time complexity of backtracking analysis grows exponentially, at least $O(2^h)$. Lastly, the paper reduces critical vulnerability exploitation to solving critical vulnerability equation sets, and gives an algorithm for solving a critical vulnerability equation set by means of a generalized equation and VC factorization. The paper then analyzes and computes two critical vulnerabilities of the Office series software.