CVE-2003-0346
Published Aug 27, 2003
Last updated 6 years ago
Overview
- Description
- Multiple integer overflows in a Microsoft Windows DirectX MIDI library (QUARTZ.DLL) allow remote attackers to execute arbitrary code via a MIDI (.mid) file with (1) large length for a Text or Copyright string, or (2) a large number of tracks, which leads to a heap-based buffer overflow.
- Source
- cve@mitre.org
- NVD status
- Modified
Social media
- Hype score
- Not currently trending
Risk scores
CVSS 2.0
- Type
- Primary
- Base score
- 7.5
- Impact score
- 6.4
- Exploitability score
- 10
- Vector string
- AV:N/AC:L/Au:N/C:P/I:P/A:P
Weaknesses
- nvd@nist.gov
- NVD-CWE-Other
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:directx:5.2:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "194DA1C4-F08C-4219-87DC-BC6B389372EB"
},
{
"criteria": "cpe:2.3:a:microsoft:directx:6.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "D4A0B238-DEC5-4DFC-AB8D-2F78E03B0589"
},
{
"criteria": "cpe:2.3:a:microsoft:directx:7.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "2BFE77B9-6C2A-45D3-A4B5-2679CC4B0DA2"
},
{
"criteria": "cpe:2.3:a:microsoft:directx:7.0a:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "459D411C-4994-41DB-9594-F460EADA3351"
},
{
"criteria": "cpe:2.3:a:microsoft:directx:8.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "8FF0278F-AFA7-48BA-8762-5569EC174AEE"
},
{
"criteria": "cpe:2.3:a:microsoft:directx:9.0a:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "B2F096A3-DD19-4D54-94F4-027DBDF1A705"
}
],
"operator": "OR"
}
]
}
]