New Search

Windows Utility Manager Shatter Message Vulnerability

oval:org.mitre.oval:def:1046

The Utility Manager in Microsoft Windows 2000 executes winhlp32.exe with system privileges which allows local users to execute arbitrary code via a "Shatter" style attack using a Windows message that accesses the context sensitive help button in the GUI as demonstrated using the File Open dialog in the Help window a different vulnerability than CVE-2004-0213.

Family:
windows
Status:
ACCEPTED
Platform(s):
  • Microsoft Windows 2000
Class:
vulnerability
Reference(s):
  • CVE-2003-0908
Product(s):
  • Utility Manager