Executive Summary
Informations | |||
---|---|---|---|
Name | CVE-2003-0820 | First vendor Publication | 2003-12-15 |
Vendor | Cve | Last vendor Modification | 2018-10-12 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:P/I:P/A:P) | |||
---|---|---|---|
Cvss Base Score | 7.5 | Attack Range | Network |
Cvss Impact Score | 6.4 | Attack Complexity | Low |
Cvss Expoit Score | 10 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Microsoft Word 97, 98(J), 2000, and 2002, and Microsoft Works Suites 2001 through 2004, do not properly check the length of the "Macro names" data value, which could allow remote attackers to execute arbitrary code via a buffer overflow attack. |
Original Source
Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0820 |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:336 | |||
Oval ID: | oval:org.mitre.oval:def:336 | ||
Title: | MS Word 2000 Macro Names Buffer Overflow | ||
Description: | Microsoft Word 97, 98(J), 2000, and 2002, and Microsoft Works Suites 2001 through 2004, do not properly check the length of the "Macro names" data value, which could allow remote attackers to execute arbitrary code via a buffer overflow attack. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2003-0820 | Version: | 5 |
Platform(s): | Microsoft Windows 95 Microsoft Windows 98 Microsoft Windows ME Microsoft Windows NT Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 | Product(s): | Microsoft Word 2000 |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:585 | |||
Oval ID: | oval:org.mitre.oval:def:585 | ||
Title: | MS Word 97 Macro Names Buffer Overflow | ||
Description: | Microsoft Word 97, 98(J), 2000, and 2002, and Microsoft Works Suites 2001 through 2004, do not properly check the length of the "Macro names" data value, which could allow remote attackers to execute arbitrary code via a buffer overflow attack. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2003-0820 | Version: | 2 |
Platform(s): | Microsoft Windows 95 Microsoft Windows 98 Microsoft Windows ME Microsoft Windows NT Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 | Product(s): | Microsoft Word 97 |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:586 | |||
Oval ID: | oval:org.mitre.oval:def:586 | ||
Title: | MS Word 98 Macro Names Buffer Overflow | ||
Description: | Microsoft Word 97, 98(J), 2000, and 2002, and Microsoft Works Suites 2001 through 2004, do not properly check the length of the "Macro names" data value, which could allow remote attackers to execute arbitrary code via a buffer overflow attack. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2003-0820 | Version: | 2 |
Platform(s): | Microsoft Windows 95 Microsoft Windows 98 Microsoft Windows ME Microsoft Windows NT Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 | Product(s): | Microsoft Word 98 |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:668 | |||
Oval ID: | oval:org.mitre.oval:def:668 | ||
Title: | MS Word 2002 Macro Names Buffer Overflow | ||
Description: | Microsoft Word 97, 98(J), 2000, and 2002, and Microsoft Works Suites 2001 through 2004, do not properly check the length of the "Macro names" data value, which could allow remote attackers to execute arbitrary code via a buffer overflow attack. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2003-0820 | Version: | 5 |
Platform(s): | Microsoft Windows 95 Microsoft Windows 98 Microsoft Windows ME Microsoft Windows NT Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 | Product(s): | Microsoft Word 2002 |
Definition Synopsis: | |||
CPE : Common Platform Enumeration
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
2801 | Microsoft Word and Excel Execution of Arbitrary Code Several versions of Microsft Word, Excel, and Works Suite contain a flaw that may allow a malicious user to bypass Macro security. The issue is triggered when a user is tricked in to opening a document by a malicious website because Internet Explorer automatically launches the helper application, which is installed by Microsoft Office. It is possible that the flaw may allow Excel to run Macros at the same security level as the current user, and in Word there is a buffer overflow condition that will allow arbitrary code execution resulting in a loss of confidentiality, integrity, and/or availability. |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2003-11-11 | Name : Arbitrary code can be executed on the remote host through Office. File : smb_nt_ms03-050.nasl - Type : ACT_GATHER_INFO |
Sources (Detail)
Alert History
Date | Informations |
---|---|
2021-05-04 12:02:06 |
|
2021-04-22 01:02:15 |
|
2020-05-23 00:15:30 |
|
2018-10-13 00:22:27 |
|
2017-11-16 21:21:11 |
|
2017-10-11 09:23:18 |
|
2017-07-11 12:01:18 |
|
2016-04-26 12:37:37 |
|
2014-02-17 10:26:36 |
|
2013-05-11 11:53:04 |
|