Heap Overflow in Windows Script Engine for JScript by Microsoft
CVE-2003-0010

Currently unrated

Key Information:

Vendor: Microsoft
Status: Windows Nt; Windows 2000 Terminal Services; Windows Xp; Windows 2000
Vendor: CVE Published:; 24 March 2003

Summary

A vulnerability in the JsArrayFunctionHeapSort function of the Windows Script Engine for JScript (JScript.dll) allows attackers to exploit an integer overflow. By sending a specially crafted web page or HTML email with a large array index value, a heap-based buffer overflow can be triggered, enabling the execution of arbitrary code on the target system. This vulnerability affects various versions of Windows, including Windows XP, Windows 2000, and Windows Server 2003, posing significant risks to users and systems that lack adequate security measures.

References

http://www.securityfocus.com/bid/7146

vdb-entryx_refsource_BID

https://oval.cisecurity.org/repository/search/definition/...

vdb-entrysignaturex_refsource_OVAL

http://labs.idefense.com/intelligence/vulnerabilities/dis...

third-party-advisoryx_refsource_IDEFENSE

EPSS Score

18% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Mar 24, 2003
Vulnerability Reserved
Jan 2, 2003