CVE Vulnerabilities

CVE-2003-0346

Published: Aug 27, 2003 | Modified: Oct 12, 2018
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
7.5 HIGH
AV:N/AC:L/Au:N/C:P/I:P/A:P
RedHat/V2
RedHat/V3
Ubuntu

Multiple integer overflows in a Microsoft Windows DirectX MIDI library (QUARTZ.DLL) allow remote attackers to execute arbitrary code via a MIDI (.mid) file with (1) large length for a Text or Copyright string, or (2) a large number of tracks, which leads to a heap-based buffer overflow.

Affected Software

Name Vendor Start Version End Version
Directx Microsoft 5.2 (including) 5.2 (including)
Directx Microsoft 6.1 (including) 6.1 (including)
Directx Microsoft 7.0 (including) 7.0 (including)
Directx Microsoft 7.0a (including) 7.0a (including)
Directx Microsoft 8.1 (including) 8.1 (including)
Directx Microsoft 9.0a (including) 9.0a (including)

References