1. Home
  2. CVE Database
  3. CVE-2003-0010
HIGH · 7.5

CVE-2003-0010

Integer overflow in JsArrayFunctionHeapSort function used by Windows Script Engine for JScript (JScript.dll) on various Windows operating system allows remote attackers to execute arbitrary code via a...

Vulnerability Description

Integer overflow in JsArrayFunctionHeapSort function used by Windows Script Engine for JScript (JScript.dll) on various Windows operating system allows remote attackers to execute arbitrary code via a malicious web page or HTML e-mail that uses a large array index value that enables a heap-based buffer overflow attack.

CVSS Score

7.5

HIGH

AV:N/AC:L/Au:N/C:P/I:P/A:P
Confidentiality
PARTIAL
Integrity
PARTIAL
Availability
PARTIAL

Affected Products

VendorProductVersions
MicrosoftWindows 2000All versions
MicrosoftWindows 2000 Terminal ServicesAll versions
MicrosoftWindows 98All versions
MicrosoftWindows 98SeAll versions
MicrosoftWindows MeAll versions
MicrosoftWindows Nt4.0
MicrosoftWindows XpAll versions

References

FAQ

What is CVE-2003-0010?

CVE-2003-0010 is a vulnerability with a CVSS score of 7.5 (HIGH). Integer overflow in JsArrayFunctionHeapSort function used by Windows Script Engine for JScript (JScript.dll) on various Windows operating system allows remote attackers to execute arbitrary code via a...

How severe is CVE-2003-0010?

CVE-2003-0010 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2003-0010?

Check the references section above for vendor advisories and patch information. Affected products include: Microsoft Windows 2000, Microsoft Windows 2000 Terminal Services, Microsoft Windows 98, Microsoft Windows 98Se, Microsoft Windows Me.