Vulnerability Details CVE-2003-0347
Heap-based buffer overflow in VBE.DLL and VBE6.DLL of Microsoft Visual Basic for Applications (VBA) SDK 5.0 through 6.3 allows remote attackers to execute arbitrary code via a document with a long ID parameter.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.748
EPSS Ranking 98.8%
CVSS Severity
CVSS v2 Score 10.0
References
- http://archives.neohapsis.com/archives/vulnwatch/2003-q3/0093.html
- http://marc.info/?l=bugtraq&m=106262077829157&w=2
- http://secunia.com/advisories/9666
- http://www.kb.cert.org/vuls/id/804780
- http://www.securityfocus.com/bid/8534
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-037
- http://archives.neohapsis.com/archives/vulnwatch/2003-q3/0093.html
- http://marc.info/?l=bugtraq&m=106262077829157&w=2
- http://secunia.com/advisories/9666
- http://www.kb.cert.org/vuls/id/804780
- http://www.securityfocus.com/bid/8534
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-037
Products affected by CVE-2003-0347
-
cpe:2.3:a:microsoft:office:2000
-
cpe:2.3:a:microsoft:office:xp
-
cpe:2.3:a:microsoft:project:2000
-
cpe:2.3:a:microsoft:project:2002
-
cpe:2.3:a:microsoft:visio:2002
-
cpe:2.3:a:microsoft:visual_basic:5.0
-
cpe:2.3:a:microsoft:visual_basic:6.2
-
cpe:2.3:a:microsoft:visual_basic:6.3