Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2004-0213

Overview

Vulnerability Score 7.2 7.2
CVE Id CVE-2004-0213
Last Modified 10 Sep 2008 03:25:31
Published 06 Aug 2004 12:00:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector LOCAL
Access Complexity LOW
Authentication NONE

CVE-2004-0213

Summary

Utility Manager in Windows 2000 launches winhlp32.exe while Utility Manager is running with raised privileges, which allows local users to gain system privileges via a "Shatter" style attack that sends a Windows message to cause Utility Manager to launch winhlp32 by directly accessing the context sensitive help and bypassing the GUI, then sending another message to winhlp32 in order to open a user-selected file, a different vulnerability than CVE-2003-0908.

Vulnerable Systems

Operating System

  • Microsoft Windows 2000


References

CERT - TA04-196A

CERT-VN - VU#868580

MS - MS04-019

BUGTRAQ - 20040713 Microsoft Window Utility Manager Local Elevation of Privileges

XF - win-utilitymanager-gain-privileges(16592)


Last Updated: 27 May 2016 10:38:31