Back to search
CVE-2003-0908
Published: Apr 16, 2004
Modified: Aug 8, 2024
PUBLISHED
Description
The Utility Manager in Microsoft Windows 2000 executes winhlp32.exe with system privileges, which allows local users to execute arbitrary code via a "Shatter" style attack using a Windows message that accesses the context sensitive help button in the GUI, as demonstrated using the File Open dialog in the Help window, a different vulnerability than CVE-2004-0213.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
10124
vdb-entry
x_refsource_BID
O-114
third-party-advisory
government-resource
x_refsource_CIAC
win2k-utilitymgr-gain-privileges(15632)
vdb-entry
x_refsource_XF
http://www.appsecinc.com/resources/alerts/general/04-0001.html
x_refsource_MISC
MS04-011
vendor-advisory
x_refsource_MS
VU#526084
third-party-advisory
x_refsource_CERT-VN
TA04-104A
third-party-advisory
x_refsource_CERT
http://www.securiteam.com/windowsntfocus/5LP0C2ACKU.html
x_refsource_MISC
20040414 [SHATTER Team Security Alert] Microsoft Windows Utility Manager Vulnerability
mailing-list
x_refsource_VULNWATCH
oval:org.mitre.oval:def:1046
vdb-entry
signature
x_refsource_OVAL
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now