Microsoft Windows Utility Manager contains vulnerability in the way it launches applications

Overview

Microsoft Windows Utility Manager contains a vulnerability that may permit an authenticated user to launch applications with elevated privileges.

Description

Microsoft Windows 2000’s Utility Manager is a program that permits users to monitor and launch various accessibility applications. A vulnerability in the Utility Manager may permit an authenticated user to launch applications with “SYSTEM” privileges.

---

Impact

An authenticated user can exploit this vulnerability to launch applications with “SYSTEM” privileges.

---

Solution

Apply a patch from the vendor

Microsoft Security Bulletin MS04-011 contains patch information to resolve this issue.

---

Vendor Information

526084

Filter by status: All Affected Not Affected Unknown

Filter by content: __ Additional information available

__ Sort by: Status Alphabetical

Expand all

Javascript is disabled. Click here to view vendors.

Microsoft Corporation __ Affected

Updated: April 14, 2004

Status

Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

Microsoft Security Bulletin MS04-011 contains information regarding this issue.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23526084 Feedback>).

CVSS Metrics

Group	Score	Vector
Base
Temporal
Environmental

References

<http://www.microsoft.com/technet/security/bulletin/ms04-011.mspx&gt;

Acknowledgements

Thanks to Microsoft for reporting this vulnerability.

This document was written by Jason A Rafail.

Other Information

CVE IDs:	CVE-2003-0908
Severity Metric:	18.56 Date Public: