CVE-2003-0820 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Microsoft Word

3 documents3 sources

Severity

7.5HIGHNVD

EPSS

17.5%

top 4.91%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft Word Microsoft Works

Timeline

PublishedDec 15

Latest updateApr 29

Description

Microsoft Word 97, 98(J), 2000, and 2002, and Microsoft Works Suites 2001 through 2004, do not properly check the length of the "Macro names" data value, which could allow remote attackers to execute arbitrary code via a buffer overflow attack.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages2 packages

▶NVDmicrosoft/word4 versions+3

▶NVDmicrosoft/works4 versions+3

Patches

Patch: www.securityfocus.com ↗Patch: www.securityfocus.com ↗

🔴Vulnerability Details

GHSA

GHSA-ggm6-m8r4-r7vh: Microsoft Word 97, 98(J), 2000, and 2002, and Microsoft Works Suites 2001 through 2004, do not properly check the length of the "Macro names" data val↗2022-04-29

▶

CVEList

CVE-2003-0820: Microsoft Word 97, 98(J), 2000, and 2002, and Microsoft Works Suites 2001 through 2004, do not properly check the length of the "Macro names" data val↗2003-11-18

▶