Unrated severityNVD Advisory· Published Oct 20, 2003· Updated Apr 16, 2026

CVE-2003-0347

Description

Heap-based buffer overflow in VBE.DLL and VBE6.DLL of Microsoft Visual Basic for Applications (VBA) SDK 5.0 through 6.3 allows remote attackers to execute arbitrary code via a document with a long ID parameter.

Affected products

Microsoft/Office6 versions
cpe:2.3:a:microsoft:office:xp:sp2:*:*:*:*:*:*+ 5 more
- cpe:2.3:a:microsoft:office:xp:sp2:*:*:*:*:*:*
- cpe:2.3:a:microsoft:office:2000:*:*:*:*:*:*:*
- cpe:2.3:a:microsoft:office:2000:sp2:*:*:*:*:*:*
- cpe:2.3:a:microsoft:office:2000:sp3:*:*:*:*:*:*
- cpe:2.3:a:microsoft:office:xp:*:*:*:*:*:*:*
- cpe:2.3:a:microsoft:office:xp:sp1:*:*:*:*:*:*
Microsoft/Project2 versions
cpe:2.3:a:microsoft:project:2000:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:microsoft:project:2000:*:*:*:*:*:*:*
- cpe:2.3:a:microsoft:project:2002:*:*:*:*:*:*:*
Microsoft/Visio
cpe:2.3:a:microsoft:visio:2002:*:professional:*:*:*:*:*
Microsoft/Visual Basic4 versions
cpe:2.3:a:microsoft:visual_basic:5.0:*:sdk:*:*:*:*:*+ 3 more
- cpe:2.3:a:microsoft:visual_basic:5.0:*:sdk:*:*:*:*:*
- cpe:2.3:a:microsoft:visual_basic:6.2:*:*:*:*:*:*:*
- cpe:2.3:a:microsoft:visual_basic:6.2:*:sdk:*:*:*:*:*
- cpe:2.3:a:microsoft:visual_basic:6.3:*:sdk:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.securityfocus.com/bid/8534nvdExploitPatchVendor Advisory
www.kb.cert.org/vuls/id/804780nvdUS Government Resource
archives.neohapsis.com/archives/vulnwatch/2003-q3/0093.htmlnvd
marc.infonvd
secunia.com/advisories/9666nvd
docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-037nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.051
exploit	0.030
kev	0.000
patch	0.000
ransomware	0.000