CVE-2003-0664 — Microsoft Word vulnerability

3 documents3 sources

Severity

7.5HIGHNVD

EPSS

7.3%

top 8.35%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft Word Microsoft Works

Timeline

PublishedOct 20

Latest updateApr 29

Description

Microsoft Word 2002, 2000, 97, and 98(J) does not properly check certain properties of a document, which allows attackers to bypass the macro security model and automatically execute arbitrary macros via a malicious document.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages2 packages

▶NVDmicrosoft/word4 versions+3

▶NVDmicrosoft/works2001, 2002, 2003+2

🔴Vulnerability Details

GHSA

GHSA-vpf6-wrhg-p4jg: Microsoft Word 2002, 2000, 97, and 98(J) does not properly check certain properties of a document, which allows attackers to bypass the macro security↗2022-04-29

▶

CVEList

CVE-2003-0664: Microsoft Word 2002, 2000, 97, and 98(J) does not properly check certain properties of a document, which allows attackers to bypass the macro security↗2003-09-04

▶