CVE-2003-0010Improper Restriction of Operations within the Bounds of a Memory Buffer in Microsoft Windows NT

3 documents3 sources
Severity
7.5HIGHNVD
EPSS
20.2%
top 4.49%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Microsoft Windows NT
Timeline
PublishedMar 24
Latest updateApr 29

Description

Integer overflow in JsArrayFunctionHeapSort function used by Windows Script Engine for JScript (JScript.dll) on various Windows operating system allows remote attackers to execute arbitrary code via a malicious web page or HTML e-mail that uses a large array index value that enables a heap-based buffer overflow attack.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages1 packages

Patches

Patch: www.securityfocus.comPatch: www.securityfocus.com

🔴Vulnerability Details

2
GHSA
GHSA-4mmc-ghx2-jjm4: Integer overflow in JsArrayFunctionHeapSort function used by Windows Script Engine for JScript (JScript2022-04-29
CVEList
CVE-2003-0010: Integer overflow in JsArrayFunctionHeapSort function used by Windows Script Engine for JScript (JScript2003-03-21
CVE-2003-0010 — Microsoft Windows NT vulnerability | cvebase