CVE-2003-0346

Currently unrated

Key Information:

Vendor: Microsoft
Status: Directx
Vendor: CVE Published:; 27 August 2003

Summary

Multiple integer overflows in a Microsoft Windows DirectX MIDI library (QUARTZ.DLL) allow remote attackers to execute arbitrary code via a MIDI (.mid) file with (1) large length for a Text or Copyright string, or (2) a large number of tracks, which leads to a heap-based buffer overflow.

References

https://oval.cisecurity.org/repository/search/definition/...

vdb-entrysignaturex_refsource_OVAL

http://www.kb.cert.org/vuls/id/561284

third-party-advisoryx_refsource_CERT-VN

http://www.cert.org/advisories/CA-2003-18.html

third-party-advisoryx_refsource_CERT

EPSS Score

34% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Aug 27, 2003
Vulnerability Reserved
May 28, 2003

Collectors

NVD DatabaseMitre Database