CVE-2003-0347

Heap-based buffer overflow in VBE.DLL and VBE6.DLL of Microsoft Visual Basic for Applications (VBA) SDK 5.0 through 6.3 allows remote attackers to execute arbitrary code via a document with a long ID parameter.

Published: Oct 20, 2003
Updated: Apr 13, 2023
CVE: CVE-2003-0347
Severity: High
Exploit:

CVSS v2:

Severity: High
Score: 10
AV:N/AC:L/Au:N/C:C/I:C/A:C

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
microsoft / visual_basic	6.3	6.3.x
microsoft / visual_basic	5.0	5.0.x
microsoft / project	2000	2000.x
microsoft / office	2000	2000.x
microsoft / visio	2002	2002.x
microsoft / project	2002	2002.x
microsoft / office	xp-sp2	xp-sp2.x
microsoft / visual_basic	6.2	6.2.x
microsoft / office	2000-sp2	2000-sp2.x
microsoft / office	2000-sp3	2000-sp3.x
microsoft / office	xp	xp.x
microsoft / office	xp-sp1	xp-sp1.x

http://archives.neohapsis.com/archives/vulnwatch/2003-q3/0093.html
http://marc.info/?l=bugtraq&m=106262077829157&w=2
http://secunia.com/advisories/9666
http://www.kb.cert.org/vuls/id/804780
http://www.securityfocus.com/bid/8534
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-037

Vulnerability Database

289,599

CVE-2003-0347