| CVSS Meta Temp Score | Current Exploit Price (≈) | CTI Interest Score |
|---|---|---|
| 4.8 | $0-$5k | 0.00 |
Summary
A vulnerability was found in Microsoft Word 97/98/2000/2002. It has been declared as critical. Affected is an unknown function of the component Macro Name Handler. The manipulation results in memory corruption. This vulnerability is cataloged as CVE-2003-0820. The attack may be launched remotely. There is no exploit available. Applying a patch is advised to resolve this issue.
Details
A vulnerability was found in Microsoft Word 97/98/2000/2002 (Word Processing Software). It has been classified as critical. Affected is some unknown processing of the component Macro Name Handler. The manipulation with an unknown input leads to a memory corruption vulnerability. CWE is classifying the issue as CWE-119. The product performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer. This is going to have an impact on confidentiality, integrity, and availability. CVE summarizes:
Microsoft Word 97, 98(J), 2000, and 2002, and Microsoft Works Suites 2001 through 2004, do not properly check the length of the "Macro names" data value, which could allow remote attackers to execute arbitrary code via a buffer overflow attack.
The bug was discovered 10/15/2003. The weakness was shared 11/11/2003 by Kazuyuki Housaka as MS03-050 as confirmed bulletin (Technet). The advisory is shared for download at microsoft.com. This vulnerability is traded as CVE-2003-0820 since 09/18/2003. It is possible to launch the attack remotely. The exploitation doesn't require any form of authentication. Successful exploitation requires user interaction by the victim. There are neither technical details nor an exploit publicly available.
The vulnerability was handled as a non-public zero-day exploit for at least 27 days. During that time the estimated underground price was around $5k-$25k. The vulnerability scanner Nessus provides a plugin with the ID 11920 (MS03-050: Word and/or Excel may allow arbitrary code to run (831527)), which helps to determine the existence of the flaw in a target environment. It is assigned to the family Windows : Microsoft Bulletins and running in the context l. The commercial vulnerability scanner Qualys is able to test this issue with plugin 110021 (Vulnerability in Word 2000 and Excel 2000 Could Allow Arbitrary Code To Run (MS03-050)).
Applying the patch MS03-050 is able to eliminate this problem. The bugfix is ready for download at office.microsoft.com. A possible mitigation has been published immediately after the disclosure of the vulnerability.
The vulnerability is also documented in the databases at X-Force (13681), Tenable (11920), SecurityFocus (BID 8835†), OSVDB (2801†) and Secunia (SA10194†). Further details are available at support.microsoft.com. The entry VDB-385 is related to this item. VulDB is the best source for vulnerability data and more expert information about this specific topic.
Product
Type
Vendor
Name
Version
License
Website
- Vendor: https://www.microsoft.com/
CPE 2.3
CPE 2.2
CVSSv4
VulDB Vector: 🔍VulDB Reliability: 🔍
CVSSv3
VulDB Meta Base Score: 5.0VulDB Meta Temp Score: 4.8
VulDB Base Score: 5.0
VulDB Temp Score: 4.8
VulDB Vector: 🔍
VulDB Reliability: 🔍
CVSSv2
| AV | AC | Au | C | I | A |
|---|---|---|---|---|---|
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| Vector | Complexity | Authentication | Confidentiality | Integrity | Availability |
|---|---|---|---|---|---|
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
VulDB Base Score: 🔍
VulDB Temp Score: 🔍
VulDB Reliability: 🔍
NVD Base Score: 🔍
Exploiting
Class: Memory corruptionCWE: CWE-119
CAPEC: 🔍
ATT&CK: 🔍
Physical: No
Local: No
Remote: Yes
Availability: 🔍
Status: Not defined
EPSS Score: 🔍
EPSS Percentile: 🔍
Price Prediction: 🔍
Current Price Estimation: 🔍
| 0-Day | Unlock | Unlock | Unlock | Unlock |
|---|---|---|---|---|
| Today | Unlock | Unlock | Unlock | Unlock |
Nessus ID: 11920
Nessus Name: MS03-050: Word and/or Excel may allow arbitrary code to run (831527)
Nessus File: 🔍
Nessus Risk: 🔍
Nessus Family: 🔍
Nessus Context: 🔍
Qualys ID: 🔍
Qualys Name: 🔍
Threat Intelligence
Interest: 🔍Active Actors: 🔍
Active APT Groups: 🔍
Countermeasures
Recommended: PatchStatus: 🔍
Reaction Time: 🔍
0-Day Time: 🔍
Exposure Time: 🔍
Patch: MS03-050
Timeline
09/18/2003 🔍10/15/2003 🔍
10/15/2003 🔍
10/15/2003 🔍
11/11/2003 🔍
11/11/2003 🔍
11/11/2003 🔍
11/11/2003 🔍
11/11/2003 🔍
11/12/2003 🔍
11/13/2003 🔍
12/15/2003 🔍
07/21/2025 🔍
Sources
Vendor: microsoft.comAdvisory: MS03-050
Researcher: Kazuyuki Housaka
Status: Confirmed
CVE: CVE-2003-0820 (🔍)
GCVE (CVE): GCVE-0-2003-0820
GCVE (VulDB): GCVE-100-384
OVAL: 🔍
X-Force: 13681 - Microsoft Excel macro allows attacker to execute code, High Risk
SecurityFocus: 8835 - Microsoft Word Macro Name Handler Buffer Overflow Vulnerability
Secunia: 10194 - Microsoft Word and Excel Execution of Arbitrary Code, Highly Critical
OSVDB: 2801 - Microsoft Word and Excel Execution of Arbitrary Code
SecuriTeam: securiteam.com
Vulnerability Center: 2835 - [MS03-050] Buffer Overflow in Microsoft Word Macro Names, Medium
Misc.: 🔍
See also: 🔍
Entry
Created: 11/12/2003 11:29Updated: 07/21/2025 04:23
Changes: 11/12/2003 11:29 (95), 06/27/2019 09:14 (1), 07/21/2025 04:23 (17)
Complete: 🔍
Cache ID: 216:FBD:103
VulDB is the best source for vulnerability data and more expert information about this specific topic.
No comments yet. Languages: en.
Please log in to comment.