search menu icon-carat-right cmu-wordmark

CERT Coordination Center

Buffer Overflow in URLMON.DLL

Vulnerability Note VU#169753

Original Release Date: 2003-04-24 | Last Revised: 2003-04-24


A buffer overflow in URLMON.DDL may allow an intruder to execute arbitrary code.


URLMON.DLL is a library used by Microsoft Internet Explorer. It contains a buffer overflow that could allow an intruder to execute arbitrary code if the intruder can convince the victim to visit a malicious web page or, in some limited circumstances, open a malicious email message. For more information, see Microsoft Security Bulletin MS03-015.


An intruder could execute arbitrary code with the privileges of the user operating the vulnerable web browser or email client.


Apply a patch as described in MS03-015.

Vendor Information

CVSS Metrics

Group Score Vector



Thanks to Microsoft Corporation for reporting this vulnerability.

This document was written by Shawn V Hernan based on information provided by Microsoft.

Other Information

CVE IDs: CVE-2003-0113
Severity Metric: 10.80
Date Public: 2003-04-23
Date First Published: 2003-04-24
Date Last Updated: 2003-04-24 03:56 UTC
Document Revision: 9

Sponsored by CISA.