7.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.2 High
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:C/I:C/A:C
0.012 Low
EPSS
Percentile
85.0%
The Microsoft Windows 2000 Utility Manager allows authenticated local users to launch applications with SYSTEM privileges.
The Microsoft Windows 2000 Utility Manager is a program that permits users to monitor and launch various accessibility applications. This program contains a privilege escalation vulnerability that permits authenticated local users to launch applications with SYSTEM privileges.
Microsoft reports that the vulnerability disclosed in MS04-019 is different than the one reported in MS04-011, which is described in VU#526084.
This vulnerability allows authenticated local users to launch applications with SYSTEM privileges.
Apply a patch from Microsoft
Microsoft has provided a Security Update to address this vulnerability; for further details, please see Microsoft Security Bulletin MS04-019.
Disable the Utility Manager
Administrators can use the Group Policy settings to disable the Utility Manager. Although this action does not fully address the vulnerability, it may be a useful interim measure to prevent exploitation.
868580
Filter by status: All Affected Not Affected Unknown
Filter by content: __ Additional information available
__ Sort by: Status Alphabetical
Expand all
Javascript is disabled. Click here to view vendors.
Notified: July 13, 2004 Updated: July 14, 2004
Affected
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23868580 Feedback>).
Group | Score | Vector |
---|---|---|
Base | ||
Temporal | ||
Environmental |
<http://www.microsoft.com/technet/security/bulletin/ms04-019.mspx>
This vulnerability was reported to Microsoft by Cesar Cerrudo of Application Security Inc.
This document was written by Jeffrey P. Lanza.
CVE IDs: | CVE-2004-0213 |
---|---|
Severity Metric: | 21.26 Date Public: |
7.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.2 High
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:C/I:C/A:C
0.012 Low
EPSS
Percentile
85.0%