Back to search
CVE-2004-0213
Published: Jul 14, 2004
Modified: Aug 8, 2024
PUBLISHED
Description
Utility Manager in Windows 2000 launches winhlp32.exe while Utility Manager is running with raised privileges, which allows local users to gain system privileges via a "Shatter" style attack that sends a Windows message to cause Utility Manager to launch winhlp32 by directly accessing the context sensitive help and bypassing the GUI, then sending another message to winhlp32 in order to open a user-selected file, a different vulnerability than CVE-2003-0908.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
oval:org.mitre.oval:def:2495
vdb-entry
signature
x_refsource_OVAL
TA04-196A
third-party-advisory
x_refsource_CERT
VU#868580
third-party-advisory
x_refsource_CERT-VN
win-utilitymanager-gain-privileges(16592)
vdb-entry
x_refsource_XF
20040713 Microsoft Window Utility Manager Local Elevation of Privileges
mailing-list
x_refsource_BUGTRAQ
MS04-019
vendor-advisory
x_refsource_MS
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now