CVE-2003-0820

Severity

75%

Complexity

99%

Confidentiality

106%

Microsoft Word 97, 98(J), 2000, and 2002, and Microsoft Works Suites 2001 through 2004, do not properly check the length of the "Macro names" data value, which could allow remote attackers to execute arbitrary code via a buffer overflow attack.

Microsoft Word 97, 98(J), 2000, and 2002, and Microsoft Works Suites 2001 through 2004, do not properly check the length of the "Macro names" data value, which could allow remote attackers to execute arbitrary code via a buffer overflow attack.

CVSS 2.0 Base Score 7.5. CVSS Attack Vector: network. CVSS Attack Complexity: low. CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P).

Overview

Type

Microsoft

First reported 21 years ago

2003-12-15 05:00:00

Last updated 6 years ago

2018-10-12 21:33:00

Affected Software

Microsoft Word 97

97

Microsoft Word 97 sr1

97

Microsoft Word 97 sr2

97

Microsoft Word 98

98

Microsoft Word 2000

2000

Microsoft Word 2000 sp2

2000

Microsoft Word 2000 sp3

2000

Microsoft Word 2000 sr1

2000

Microsoft Word 2000 sr1a

2000

Microsoft Word 2002

2002

Microsoft Word 2002 sp1

2002

Microsoft Word 2002 sp2

2002

Microsoft works_suite 2001

2001

Microsoft works_suite 2002

2002

Microsoft works_suite 2003

2003

Microsoft Works 2004

2004

References

20031015 Few issues previously unpublished in English

Vendor Advisory

http://www.security.nnov.ru/search/document.asp?docid=5243

Third Party Advisory

8835

Patch, Third Party Advisory, VDB Entry, Vendor Advisory

MS03-050

word-macro-execute-code(13682)

Third Party Advisory, VDB Entry

oval:org.mitre.oval:def:336

Third Party Advisory

oval:org.mitre.oval:def:585

Third Party Advisory

oval:org.mitre.oval:def:586

Third Party Advisory

oval:org.mitre.oval:def:668

Third Party Advisory

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.