| ID |
CVE-2003-0908
|
| Summary |
The Utility Manager in Microsoft Windows 2000 executes winhlp32.exe with system privileges, which allows local users to execute arbitrary code via a "Shatter" style attack using a Windows message that accesses the context sensitive help button in the GUI, as demonstrated using the File Open dialog in the Help window, a different vulnerability than CVE-2004-0213. |
| References |
|
| Vulnerable Configurations |
|
| CVSS |
| Base: | 7.2 (as of 12-10-2018 - 21:33) |
| Impact: | |
| Exploitability: | |
|
| CWE |
NVD-CWE-Other |
| CAPEC |
|
| Access |
| Vector | Complexity | Authentication |
| LOCAL |
LOW |
NONE |
|
| Impact |
| Confidentiality | Integrity | Availability |
| COMPLETE |
COMPLETE |
COMPLETE |
|
| cvss-vector
via4
|
AV:L/AC:L/Au:N/C:C/I:C/A:C
|
| oval
via4
|
| accepted | 2004-06-16T12:00:00.000-04:00 | | class | vulnerability | | contributors | | name | Harvey Rubinovitz | | organization | The MITRE Corporation |
| | description | The Utility Manager in Microsoft Windows 2000 executes winhlp32.exe with system privileges, which allows local users to execute arbitrary code via a "Shatter" style attack using a Windows message that accesses the context sensitive help button in the GUI, as demonstrated using the File Open dialog in the Help window, a different vulnerability than CVE-2004-0213. | | family | windows | | id | oval:org.mitre.oval:def:1046 | | status | accepted | | submitted | 2004-04-14T12:00:00.000-04:00 | | title | Windows Utility Manager Shatter Message Vulnerability | | version | 64 |
|
| refmap
via4
|
| bid | 10124 | | cert | TA04-104A | | cert-vn | VU#526084 | | ciac | O-114 | | misc | | | vulnwatch | 20040414 [SHATTER Team Security Alert] Microsoft Windows Utility Manager Vulnerability | | xf | win2k-utilitymgr-gain-privileges(15632) |
|
| Last major update |
12-10-2018 - 21:33 |
| Published |
01-06-2004 - 04:00 |
| Last modified |
12-10-2018 - 21:33 |
