Vulnerability Description
Multiple integer overflows in a Microsoft Windows DirectX MIDI library (QUARTZ.DLL) allow remote attackers to execute arbitrary code via a MIDI (.mid) file with (1) large length for a Text or Copyright string, or (2) a large number of tracks, which leads to a heap-based buffer overflow.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Microsoft | DirectX | 5.2 |
References
- http://marc.info/?l=bugtraq&m=105899759824008&w=2
- http://www.cert.org/advisories/CA-2003-18.html (Patch, Third Party Advisory, US Government Resource)
- http://www.kb.cert.org/vuls/id/265232 (US Government Resource)
- http://www.kb.cert.org/vuls/id/561284 (US Government Resource)
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-03
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3
FAQ
What is CVE-2003-0346?
CVE-2003-0346 is a vulnerability with a CVSS score of 7.5 (HIGH). Multiple integer overflows in a Microsoft Windows DirectX MIDI library (QUARTZ.DLL) allow remote attackers to execute arbitrary code via a MIDI (.mid) file with (1) large length for a Text or Copyrigh...
How severe is CVE-2003-0346?
CVE-2003-0346 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2003-0346?
Check the references section above for vendor advisories and patch information. Affected products include: Microsoft DirectX.