Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2003-0346

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2003-0346
Last Modified 10 Sep 2008 03:18:41
Published 27 Aug 2003 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2003-0346

Summary

Multiple integer overflows in a Microsoft Windows DirectX MIDI library (QUARTZ.DLL) allow remote attackers to execute arbitrary code via a MIDI (.mid) file with (1) large length for a Text or Copyright string, or (2) a large number of tracks, which leads to a heap-based buffer overflow.

Vulnerable Systems

Application

  • Microsoft Directx 5.2

  • Microsoft Directx 6.1

  • Microsoft Directx 7.0

  • Microsoft Directx 7.0a

  • Microsoft Directx 8.1

  • Microsoft Directx 9.0a


References

CERT - CA-2003-18

CERT-VN - VU#561284

CERT-VN - VU#265232

MS - MS03-030

BUGTRAQ - 20030723 EEYE: Windows MIDI Decoder (QUARTZ.DLL) Heap Corruption


Last Updated: 27 May 2016 10:37:52