CVE-2003-0820: Buffer Overflow
First published: Tue Nov 18 2003(Updated: )
Microsoft Word 97, 98(J), 2000, and 2002, and Microsoft Works Suites 2001 through 2004, do not properly check the length of the "Macro names" data value, which could allow remote attackers to execute arbitrary code via a buffer overflow attack.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Microsoft Office Word | =97-sr2 | |
| Microsoft Office Word | =2002-sp1 | |
| Microsoft Office Word | =2000 | |
| Microsoft Office Word | =2000-sr1a | |
| Microsoft Office Word | =97-sr1 | |
| Microsoft Office Word | =98 | |
| Microsoft Works Suite | =2001 | |
| Microsoft Office Word | =97 | |
| Microsoft Works Suite | =2002 | |
| Microsoft Office Word | =98 | |
| Microsoft Office Word | =98 | |
| Microsoft Office Word | =2000 | |
| Microsoft Office Word | =2000-sp2 | |
| Microsoft Office Word | =97 | |
| Microsoft Office Word | =97 | |
| Microsoft Office Word | =98-sr2 | |
| Microsoft Office Word | =2002 | |
| Microsoft Office Word | =97 | |
| Microsoft Office Word | =98 | |
| Microsoft Office Word | =98-sr1 | |
| Microsoft Office Word | =2000-sp3 | |
| Microsoft Office Word | =2000-sr1 | |
| Microsoft Works Suite | =2003 | |
| Microsoft Works Suite | =2004 | |
| Microsoft Office Word | =2000 | |
| Microsoft Office Word | =2000 | |
| Microsoft Office Word | =2002-sp2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://archives.neohapsis.com/archives/bugtraq/2003-10/0163.html
- http://www.securityfocus.com/bid/8835
- http://www.security.nnov.ru/search/document.asp?docid=5243
- https://exchange.xforce.ibmcloud.com/vulnerabilities/13682
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A668
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A586
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A585
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A336
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-050
Frequently Asked Questions
What is the severity of CVE-2003-0820?
CVE-2003-0820 is considered critical due to its potential for arbitrary code execution through a buffer overflow.
How do I fix CVE-2003-0820?
To mitigate CVE-2003-0820, it is recommended to apply available security patches from Microsoft for affected versions of Word and Works.
Which versions are affected by CVE-2003-0820?
CVE-2003-0820 affects Microsoft Word 97, 98, 2000, 2002, and Microsoft Works from 2001 to 2004.
Can CVE-2003-0820 be exploited remotely?
Yes, CVE-2003-0820 can be exploited remotely by attackers through specially crafted documents.
What kind of attack does CVE-2003-0820 involve?
CVE-2003-0820 involves a buffer overflow attack that can lead to the execution of arbitrary code.
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/author
- agent/weakness
- agent/remedy
- agent/last-modified-date
- agent/references
- agent/severity
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-historical
- agent/software-canonical-lookup-request
- collector/nvd-index
- vendor/microsoft
- canonical/microsoft office word
- version/microsoft office word/97-sr2
- version/microsoft office word/2002-sp1
- version/microsoft office word/2000
- version/microsoft office word/2000-sr1a
- version/microsoft office word/97-sr1
- version/microsoft office word/98
- canonical/microsoft works suite
- version/microsoft works suite/2001
- version/microsoft office word/97
- version/microsoft works suite/2002
- version/microsoft office word/2000-sp2
- version/microsoft office word/98-sr2
- version/microsoft office word/2002
- version/microsoft office word/98-sr1
- version/microsoft office word/2000-sp3
- version/microsoft office word/2000-sr1
- version/microsoft works suite/2003
- version/microsoft works suite/2004
- version/microsoft office word/2002-sp2