Heap-based Buffer Overflow in Microsoft Visual Basic for Applications
CVE-2003-0347

Currently unrated

Key Information:

Vendor: Microsoft
Status: Visual Basic; Project; Office; Visio
Vendor: CVE Published:; 20 October 2003

Summary

A heap-based buffer overflow exists in VBE.DLL and VBE6.DLL of Microsoft Visual Basic for Applications (VBA) SDK versions 5.0 to 6.3. This vulnerability enables remote attackers to execute arbitrary code by crafting a document with a long ID parameter, potentially compromising affected systems. Exploitation requires the user to open the malicious document, making it crucial for users to be aware of potential risks associated with documents originating from untrusted sources.

References

http://www.kb.cert.org/vuls/id/804780

third-party-advisoryx_refsource_CERT-VN

http://archives.neohapsis.com/archives/vulnwatch/2003-q3/...

mailing-listx_refsource_VULNWATCH

http://secunia.com/advisories/9666

third-party-advisoryx_refsource_SECUNIA

EPSS Score

74% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Oct 20, 2003
Vulnerability Reserved
May 28, 2003