Integer Overflow Vulnerability in Microsoft DirectX MIDI Library
CVE-2003-0346

Currently unrated

Key Information:

Vendor: Microsoft
Status: Directx
Vendor: CVE Published:; 27 August 2003

Summary

Multiple integer overflow vulnerabilities in the Microsoft Windows DirectX MIDI library (QUARTZ.DLL) can be exploited by remote attackers. These vulnerabilities arise when a specially crafted MIDI (.mid) file is processed, specifically through excessive length of Text or Copyright strings and an unusually high number of tracks. Successful exploitation can lead to heap-based buffer overflows, potentially allowing attackers to execute arbitrary code on the affected system.

References

https://oval.cisecurity.org/repository/search/definition/...

vdb-entrysignaturex_refsource_OVAL

http://www.kb.cert.org/vuls/id/561284

third-party-advisoryx_refsource_CERT-VN

http://www.cert.org/advisories/CA-2003-18.html

third-party-advisoryx_refsource_CERT

EPSS Score

25% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Aug 27, 2003
Vulnerability Reserved
May 28, 2003