Definition

Windows Utility Manager Shatter Message Vulnerability

oval:org.mitre.oval:def:1046

The Utility Manager in Microsoft Windows 2000 executes winhlp32.exe with system privileges which allows local users to execute arbitrary code via a "Shatter" style attack using a Windows message that accesses the context sensitive help button in the GUI as demonstrated using the File Open dialog in the Help window a different vulnerability than CVE-2004-0213.

Family:

windows

Status:

ACCEPTED

Platform(s):

Microsoft Windows 2000

Class:

vulnerability

Reference(s):

CVE-2003-0908

Product(s):

Utility Manager