CVE-2003-0346 | Vulnerability Database | Aqua Security

Multiple integer overflows in a Microsoft Windows DirectX MIDI library (QUARTZ.DLL) allow remote attackers to execute arbitrary code via a MIDI (.mid) file with (1) large length for a Text or Copyright string, or (2) a large number of tracks, which leads to a heap-based buffer overflow.

Affected Software

Name	Vendor	Start Version	End Version
Directx	Microsoft	5.2 (including)	5.2 (including)
Directx	Microsoft	6.1 (including)	6.1 (including)
Directx	Microsoft	7.0 (including)	7.0 (including)
Directx	Microsoft	7.0a (including)	7.0a (including)
Directx	Microsoft	8.1 (including)	8.1 (including)
Directx	Microsoft	9.0a (including)	9.0a (including)

References

http://marc.info/?l=bugtraq\u0026m=105899759824008\u0026w=2
http://www.cert.org/advisories/CA-2003-18.html
http://www.kb.cert.org/vuls/id/265232
http://www.kb.cert.org/vuls/id/561284
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-030
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1095
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1104
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A218

NVD	https://nvd.nist.gov/vuln/detail/CVE-2003-0346
CWE	https://cwe.mitre.org/data/definitions/NVD-Other.html