Unrated severityNVD Advisory· Published Dec 15, 2003· Updated Jun 16, 2026

CVE-2003-0820

Description

Microsoft Word 97, 98(J), 2000, and 2002, and Microsoft Works Suites 2001 through 2004, do not properly check the length of the "Macro names" data value, which could allow remote attackers to execute arbitrary code via a buffer overflow attack.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

Microsoft/Word24 versions
cpe:2.3:a:microsoft:word:2000:*:*:*:*:*:*:*+ 23 more
- cpe:2.3:a:microsoft:word:2000:*:*:*:*:*:*:*
- cpe:2.3:a:microsoft:word:2000:*:*:ja:*:*:*:*
- cpe:2.3:a:microsoft:word:2000:*:*:ko:*:*:*:*
- cpe:2.3:a:microsoft:word:2000:sp2:*:*:*:*:*:*
- cpe:2.3:a:microsoft:word:2000:sp3:*:*:*:*:*:*
- cpe:2.3:a:microsoft:word:2000:sr1:*:*:*:*:*:*
- cpe:2.3:a:microsoft:word:2000:sr1a:*:*:*:*:*:*
- cpe:2.3:a:microsoft:word:2000:*:*:zh:*:*:*:*
- cpe:2.3:a:microsoft:word:2002:*:*:*:*:*:*:*
- cpe:2.3:a:microsoft:word:2002:sp1:*:*:*:*:*:*
- cpe:2.3:a:microsoft:word:2002:sp2:*:*:*:*:*:*
- cpe:2.3:a:microsoft:word:97:*:*:*:*:*:*:*
- cpe:2.3:a:microsoft:word:97:*:*:ja:*:*:*:*
- cpe:2.3:a:microsoft:word:97:*:*:ko:*:*:*:*
- cpe:2.3:a:microsoft:word:97:sr1:*:*:*:*:*:*
- cpe:2.3:a:microsoft:word:97:sr2:*:*:*:*:*:*
- cpe:2.3:a:microsoft:word:97:*:*:zh:*:*:*:*
- cpe:2.3:a:microsoft:word:98:*:*:*:*:*:*:*
- cpe:2.3:a:microsoft:word:98:*:*:ja:*:*:*:*
- cpe:2.3:a:microsoft:word:98:*:*:ko:*:*:*:*
- cpe:2.3:a:microsoft:word:98:sr1:*:ja:*:*:*:*
- cpe:2.3:a:microsoft:word:98:sr2:*:ja:*:*:*:*
- cpe:2.3:a:microsoft:word:98:*:*:zh:*:*:*:*
- (no CPE)range: 97, 98(J), 2000, 2002
Microsoft/Works4 versions
cpe:2.3:a:microsoft:works:2001:*:*:*:*:*:*:*+ 3 more
- cpe:2.3:a:microsoft:works:2001:*:*:*:*:*:*:*
- cpe:2.3:a:microsoft:works:2002:*:*:*:*:*:*:*
- cpe:2.3:a:microsoft:works:2003:*:*:*:*:*:*:*
- cpe:2.3:a:microsoft:works:2004:*:*:*:*:*:*:*
Microsoft/Works Suitellm-fuzzy
Range: 2001-2004

Patches

Vulnerability mechanics

No source-code context for this CVE — mechanics is only generated when we can read the actual fix diff. Without that, the four sections (root cause, attack vector, affected code, fix) would be speculation rather than analysis.

References

www.securityfocus.com/bid/8835nvdPatchThird Party AdvisoryVDB EntryVendor Advisory
archives.neohapsis.com/archives/bugtraq/2003-10/0163.htmlnvdVendor Advisory
www.security.nnov.ru/search/document.aspnvdThird Party Advisory
exchange.xforce.ibmcloud.com/vulnerabilities/13682nvdThird Party AdvisoryVDB Entry
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A336nvdThird Party Advisory
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A585nvdThird Party Advisory
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A586nvdThird Party Advisory
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A668nvdThird Party Advisory
docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-050nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.021
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000