ID CVE-2003-0908
Summary The Utility Manager in Microsoft Windows 2000 executes winhlp32.exe with system privileges, which allows local users to execute arbitrary code via a "Shatter" style attack using a Windows message that accesses the context sensitive help button in the GUI, as demonstrated using the File Open dialog in the Help window, a different vulnerability than CVE-2004-0213.
References
Vulnerable Configurations
  • cpe:2.3:o:microsoft:windows_2000:*:*:*:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_2000:*:*:*:*:*:*:*:*
CVSS
Base: 7.2 (as of 12-10-2018 - 21:33)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
LOCAL LOW NONE
Impact
ConfidentialityIntegrityAvailability
COMPLETE COMPLETE COMPLETE
cvss-vector via4 AV:L/AC:L/Au:N/C:C/I:C/A:C
oval via4
accepted 2004-06-16T12:00:00.000-04:00
class vulnerability
contributors
name Harvey Rubinovitz
organization The MITRE Corporation
description The Utility Manager in Microsoft Windows 2000 executes winhlp32.exe with system privileges, which allows local users to execute arbitrary code via a "Shatter" style attack using a Windows message that accesses the context sensitive help button in the GUI, as demonstrated using the File Open dialog in the Help window, a different vulnerability than CVE-2004-0213.
family windows
id oval:org.mitre.oval:def:1046
status accepted
submitted 2004-04-14T12:00:00.000-04:00
title Windows Utility Manager Shatter Message Vulnerability
version 63
refmap via4
bid 10124
cert TA04-104A
cert-vn VU#526084
ciac O-114
misc
ms MS04-011
vulnwatch 20040414 [SHATTER Team Security Alert] Microsoft Windows Utility Manager Vulnerability
xf win2k-utilitymgr-gain-privileges(15632)
Last major update 12-10-2018 - 21:33
Published 01-06-2004 - 04:00
Back to Top