Vulnerabilities > CVE-2003-0347 - Buffer Overrun vulnerability in Microsoft Visual Basic For Applications Document Handling
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
COMPLETE Integrity impact
COMPLETE Availability impact
COMPLETE Summary
Heap-based buffer overflow in VBE.DLL and VBE6.DLL of Microsoft Visual Basic for Applications (VBA) SDK 5.0 through 6.3 allows remote attackers to execute arbitrary code via a document with a long ID parameter.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 13 |
Exploit-Db
description | Microsoft Visual Basic For Applications SDK 5.0/6.0/6.2/6.3 Document Handling Buffer Overrun Vulnerability. CVE-2003-0347. Remote exploit for windows platform |
id | EDB-ID:23094 |
last seen | 2016-02-02 |
modified | 2003-09-03 |
published | 2003-09-03 |
reporter | eEye Digital Security Team |
source | https://www.exploit-db.com/download/23094/ |
title | Microsoft Visual Basic For Applications SDK 5.0/6.0/6.2/6.3 Document Handling Buffer Overrun Vulnerability |
Nessus
NASL family | Windows : Microsoft Bulletins |
NASL id | SMB_NT_MS03-037.NASL |
description | The remote host is running a version of Microsoft Visual Basic for Applications that is vulnerable to a buffer overflow when handling malformed documents. An attacker may exploit this flaw to execute arbitrary code on this host by sending a malformed file to a user of the remote host. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 11832 |
published | 2003-09-04 |
reporter | This script is Copyright (C) 2003-2018 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/11832 |
title | MS03-037: Visual Basic for Application Overflow (822715) |
References
- http://archives.neohapsis.com/archives/vulnwatch/2003-q3/0093.html
- http://marc.info/?l=bugtraq&m=106262077829157&w=2
- http://secunia.com/advisories/9666
- http://www.kb.cert.org/vuls/id/804780
- http://www.securityfocus.com/bid/8534
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-037