Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2003-0820

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2003-0820
Last Modified 10 Sep 2008 03:20:33
Published 15 Dec 2003 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2003-0820

Summary

Microsoft Word 97, 98(J), 2000, and 2002, and Microsoft Works Suites 2001 through 2004, do not properly check the length of the "Macro names" data value, which could allow remote attackers to execute arbitrary code via a buffer overflow attack.

Vulnerable Systems

Application

  • Microsoft Word 2000

  • Microsoft Word 2002

  • Microsoft Word 97

  • Microsoft Word 98

  • Microsoft Works 2001

  • Microsoft Works 2002

  • Microsoft Works 2003

  • Microsoft Works 2004


References

XF - word-macro-execute-code(13682)

BID - 8835

MS - MS03-050

MISC - http://www.security.nnov.ru/search/document.asp?docid=5243

BUGTRAQ - 20031015 Few issues previously unpublished in English


Last Updated: 27 May 2016 10:38:04