Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2003-0908

Overview

Vulnerability Score 7.2 7.2
CVE Id CVE-2003-0908
Last Modified 10 Sep 2008 03:20:54
Published 01 Jun 2004 12:00:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector LOCAL
Access Complexity LOW
Authentication NONE

CVE-2003-0908

Summary

The Utility Manager in Microsoft Windows 2000 executes winhlp32.exe with system privileges, which allows local users to execute arbitrary code via a "Shatter" style attack using a Windows message that accesses the context sensitive help button in the GUI, as demonstrated using the File Open dialog in the Help window, a different vulnerability than CVE-2004-0213.

Vulnerable Systems

Operating System

  • Microsoft Windows 2000


References

CERT-VN - VU#526084

CERT - TA04-104A

MS - MS04-011

MISC - http://www.appsecinc.com/resources/alerts/general/04-0001.html

VULNWATCH - 20040414 [SHATTER Team Security Alert] Microsoft Windows Utility Manager Vulnerability

XF - win2k-utilitymgr-gain-privileges(15632)

BID - 10124

MISC - http://www.securiteam.com/windowsntfocus/5LP0C2ACKU.html

CIAC - O-114


Last Updated: 27 May 2016 10:38:06