Vulnerabilities > CVE-2003-0347 - Buffer Overrun vulnerability in Microsoft Visual Basic For Applications Document Handling

047910
CVSS 10.0 - CRITICAL
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
COMPLETE
Integrity impact
COMPLETE
Availability impact
COMPLETE
network
low complexity
microsoft
critical
nessus
exploit available

Summary

Heap-based buffer overflow in VBE.DLL and VBE6.DLL of Microsoft Visual Basic for Applications (VBA) SDK 5.0 through 6.3 allows remote attackers to execute arbitrary code via a document with a long ID parameter.

Exploit-Db

descriptionMicrosoft Visual Basic For Applications SDK 5.0/6.0/6.2/6.3 Document Handling Buffer Overrun Vulnerability. CVE-2003-0347. Remote exploit for windows platform
idEDB-ID:23094
last seen2016-02-02
modified2003-09-03
published2003-09-03
reportereEye Digital Security Team
sourcehttps://www.exploit-db.com/download/23094/
titleMicrosoft Visual Basic For Applications SDK 5.0/6.0/6.2/6.3 Document Handling Buffer Overrun Vulnerability

Nessus

NASL familyWindows : Microsoft Bulletins
NASL idSMB_NT_MS03-037.NASL
descriptionThe remote host is running a version of Microsoft Visual Basic for Applications that is vulnerable to a buffer overflow when handling malformed documents. An attacker may exploit this flaw to execute arbitrary code on this host by sending a malformed file to a user of the remote host.
last seen2020-06-01
modified2020-06-02
plugin id11832
published2003-09-04
reporterThis script is Copyright (C) 2003-2018 Tenable Network Security, Inc.
sourcehttps://www.tenable.com/plugins/nessus/11832
titleMS03-037: Visual Basic for Application Overflow (822715)