Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2003-0350

Overview

Vulnerability Score 4.6 4.6
CVE Id CVE-2003-0350
Last Modified 10 Sep 2008 03:18:41
Published 18 Aug 2003 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector LOCAL
Access Complexity LOW
Authentication NONE

CVE-2003-0350

Summary

The control for listing accessibility options in the Accessibility Utility Manager on Windows 2000 (ListView) does not properly handle Windows messages, which allows local users to execute arbitrary code via a "Shatter" style message to the Utility Manager that references a user-controlled callback function.

Vulnerable Systems

Operating System

  • Microsoft Windows 2000


References

MISC - http://www.ngssoftware.com/advisories/utilitymanager.txt

MS - MS03-025

BUGTRAQ - 20030709 Microsoft Utility Manager Local Privilege Escalation

XF - win2k-accessibility-gain-privileges

BID - 8154


Last Updated: 27 May 2016 10:37:52