published date: October 20, 2003

CVE-2003-0347 : Heap-based Buffer Overflow Vulnerability

Description

Heap-based buffer overflow in VBE.DLL and VBE6.DLL of Microsoft Visual Basic for Applications (VBA) SDK 5.0 through 6.3 allows remote attackers to execute arbitrary code via a document with a long ID parameter.

Product(s):

Microsoft Office 2000
Microsoft Office 2000 Japanese
Microsoft Office 2000 Korean
Microsoft Office 2000 Chinese
Microsoft Office 2000 sp1
Microsoft Office 2000 sp2
Microsoft Office 2000 sp3
Microsoft Office XP
Microsoft Office XP sp1
Microsoft Office XP sp2
Microsoft Office XP Service Pack 3
Microsoft Project 2000
Microsoft Project 2000 sr1
Microsoft Project 2002
Microsoft Project 2002 sp1
Microsoft Visio 2002 Professional
Microsoft Visio 2002_sp2 professional
Microsoft Visual Basic 5.0 SDK
Microsoft visual_basic 6.2
Microsoft Visual Basic 6.2 SDK
Microsoft Visual Basic 6.3 SDK

CVSS:10 [Critical]
EPSS:70.46%
Exploitability:10
In KEV:No

Question to Ask Vendors:

Can you confirm whether your systems are affected by CVE-2003-0347, and if so, what steps are you currently taking to mitigate this vulnerability?
What is your estimated timeline for fully resolving CVE-2003-0347 in your products or services, and how will you communicate updates on this issue to us as your customer?

Recommended Actions:

Check out the advisory links provided below.

References:

https://nvd.nist.gov/vuln/detail/CVE-2003-0347

READY TO GET RESULTS YOU CAN TRUST?

Get a Demo Contact Sales