Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2003-0347

4 documents4 sources

Severity

10.0CRITICAL

EPSS

63.7%

top 1.58%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Microsoft Office Microsoft Project Microsoft Visio +1 more

Timeline

PublishedOct 20

Latest updateApr 29

Description

Heap-based buffer overflow in VBE.DLL and VBE6.DLL of Microsoft Visual Basic for Applications (VBA) SDK 5.0 through 6.3 allows remote attackers to execute arbitrary code via a document with a long ID parameter.

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 10.0 | Impact: 10.0

Affected Packages4 packages

▶NVDmicrosoft/visual_basic5.0, 6.2, 6.3+2

▶NVDmicrosoft/visio2002

▶NVDmicrosoft/office2000, xp+1

▶NVDmicrosoft/project2000, 2002+1

Patches

Patch: www.securityfocus.com ↗Patch: www.securityfocus.com ↗

🔴Vulnerability Details

GHSA

GHSA-pmf8-3rx6-9hmm: Heap-based buffer overflow in VBE↗2022-04-29

▶

CVEList

CVE-2003-0347: Heap-based buffer overflow in VBE↗2003-09-04

▶

💥Exploits & PoCs

Exploit-DB

Microsoft Visual Basic For Applications SDK 5.0/6.0/6.2/6.3 - Document Handling Buffer Overrun↗2003-09-03

▶