Vulnerabilities > CVE-2003-0821 - Unspecified vulnerability in Microsoft Word and Works
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
Microsoft Excel 97, 2000, and 2002 allows remote attackers to execute arbitrary code via a spreadsheet with a malicious XLM (Excel 4) macro that bypasses the macro security model.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 27 |
Nessus
NASL family | Windows : Microsoft Bulletins |
NASL id | SMB_NT_MS03-050.NASL |
description | The remote host is running a version of Microsoft Word and/or Microsoft Excel that are subject to a flaw that could allow arbitrary code to be run. An attacker could use this to execute arbitrary code on this host. To succeed, the attacker would have to send a rogue Word or Excel file to the owner of this computer and have him open it. Then the macros contained in the Word file would bypass the security model of Word, and would be executed. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 11920 |
published | 2003-11-11 |
reporter | This script is Copyright (C) 2003-2018 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/11920 |
title | MS03-050: Word and/or Excel may allow arbitrary code to run (831527) |
code |
|
Oval
accepted 2012-05-28T04:02:06.883-04:00 class vulnerability contributors name Christine Walzer organization The MITRE Corporation name Ingrid Skoog organization The MITRE Corporation name Robert L. Hollis organization ThreatGuard, Inc. name John Hoyland organization Centennial Software name Shane Shaffer organization G2, Inc.
description Microsoft Excel 97, 2000, and 2002 allows remote attackers to execute arbitrary code via a spreadsheet with a malicious XLM (Excel 4) macro that bypasses the macro security model. family windows id oval:org.mitre.oval:def:636 status accepted submitted 2003-11-19T12:00:00.000-04:00 title MS Excel 2000 Malicious Macro Security Bypass Vulnerability version 6 accepted 2016-02-19T10:00:00.000-04:00 class vulnerability contributors name Andrew Buttner organization The MITRE Corporation name Ingrid Skoog organization The MITRE Corporation name Matthew Wojcik organization The MITRE Corporation name Shane Shaffer organization G2, Inc.
description Microsoft Excel 97, 2000, and 2002 allows remote attackers to execute arbitrary code via a spreadsheet with a malicious XLM (Excel 4) macro that bypasses the macro security model. family windows id oval:org.mitre.oval:def:675 status accepted submitted 2003-11-19T12:00:00.000-04:00 title MS Excel 97 Malicious Macro Security Bypass Vulnerability version 4 accepted 2012-05-28T04:02:17.738-04:00 class vulnerability contributors name Andrew Buttner organization The MITRE Corporation name Ingrid Skoog organization The MITRE Corporation name Matthew Wojcik organization The MITRE Corporation name John Hoyland organization Centennial Software name Shane Shaffer organization G2, Inc.
description Microsoft Excel 97, 2000, and 2002 allows remote attackers to execute arbitrary code via a spreadsheet with a malicious XLM (Excel 4) macro that bypasses the macro security model. family windows id oval:org.mitre.oval:def:695 status accepted submitted 2003-11-19T12:00:00.000-04:00 title MS Excel 2002 Malicious Macro Security Bypass Vulnerability version 7
References
- http://www.securityfocus.com/bid/9010
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-050
- https://exchange.xforce.ibmcloud.com/vulnerabilities/13681
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A636
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A675
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A695