Vulnerability Details : CVE-2003-0820
Microsoft Word 97, 98(J), 2000, and 2002, and Microsoft Works Suites 2001 through 2004, do not properly check the length of the "Macro names" data value, which could allow remote attackers to execute arbitrary code via a buffer overflow attack.
Vulnerability category: OverflowExecute code
Products affected by CVE-2003-0820
- cpe:2.3:a:microsoft:word:97:*:*:*:*:*:*:*
- cpe:2.3:a:microsoft:word:98:*:*:zh:*:*:*:*
- cpe:2.3:a:microsoft:word:98:*:*:ja:*:*:*:*
- cpe:2.3:a:microsoft:word:97:*:*:zh:*:*:*:*
- cpe:2.3:a:microsoft:word:2000:*:*:ja:*:*:*:*
- cpe:2.3:a:microsoft:word:2000:*:*:ko:*:*:*:*
- cpe:2.3:a:microsoft:word:97:*:*:ja:*:*:*:*
- cpe:2.3:a:microsoft:word:97:*:*:ko:*:*:*:*
- cpe:2.3:a:microsoft:word:98:*:*:ko:*:*:*:*
- cpe:2.3:a:microsoft:word:2000:*:*:zh:*:*:*:*
- cpe:2.3:a:microsoft:word:2000:*:*:*:*:*:*:*
- cpe:2.3:a:microsoft:word:2000:sr1a:*:*:*:*:*:*
- cpe:2.3:a:microsoft:word:2000:sr1:*:*:*:*:*:*
- cpe:2.3:a:microsoft:word:98:*:*:*:*:*:*:*
- cpe:2.3:a:microsoft:word:97:sr1:*:*:*:*:*:*
- cpe:2.3:a:microsoft:word:97:sr2:*:*:*:*:*:*
- cpe:2.3:a:microsoft:word:2002:*:*:*:*:*:*:*
- cpe:2.3:a:microsoft:word:2000:sp2:*:*:*:*:*:*
- cpe:2.3:a:microsoft:word:2002:sp1:*:*:*:*:*:*
- cpe:2.3:a:microsoft:word:2002:sp2:*:*:*:*:*:*
- cpe:2.3:a:microsoft:word:2000:sp3:*:*:*:*:*:*
- cpe:2.3:a:microsoft:word:98:sr2:*:ja:*:*:*:*
- cpe:2.3:a:microsoft:word:98:sr1:*:ja:*:*:*:*
- cpe:2.3:a:microsoft:works:2001:*:*:*:*:*:*:*
- cpe:2.3:a:microsoft:works:2002:*:*:*:*:*:*:*
- cpe:2.3:a:microsoft:works:2003:*:*:*:*:*:*:*
- cpe:2.3:a:microsoft:works:2004:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2003-0820
8.22%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 94 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2003-0820
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.5
|
HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |
10.0
|
6.4
|
NIST |
References for CVE-2003-0820
-
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A668
Third Party Advisory
-
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A336
Third Party Advisory
-
http://archives.neohapsis.com/archives/bugtraq/2003-10/0163.html
Vendor Advisory
-
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-050
-
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A585
Third Party Advisory
-
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A586
Third Party Advisory
-
http://www.security.nnov.ru/search/document.asp?docid=5243
Third Party Advisory
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/13682
Third Party Advisory;VDB Entry
-
http://www.securityfocus.com/bid/8835
Patch;Third Party Advisory;VDB Entry;Vendor Advisory
Jump to