Lucene search

K
cve[email protected]CVE-2003-0350
HistoryAug 18, 2003 - 4:00 a.m.

CVE-2003-0350

2003-08-1804:00:00
web.nvd.nist.gov
18
cve-2003-0350
accessibility manager
windows 2000
arbitrary code execution
shatter style message

4.6 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

7.3 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

20.6%

The control for listing accessibility options in the Accessibility Utility Manager on Windows 2000 (ListView) does not properly handle Windows messages, which allows local users to execute arbitrary code via a β€œShatter” style message to the Utility Manager that references a user-controlled callback function.

Affected configurations

NVD
Node
microsoftwindows_2000
OR
microsoftwindows_2000sp1
OR
microsoftwindows_2000sp2
OR
microsoftwindows_2000sp3

4.6 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

7.3 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

20.6%

Related for CVE-2003-0350