Lucene search

[email protected]CVE-2003-0908

HistoryJun 01, 2004 - 4:00 a.m.

CVE-2003-0908

2004-06-0104:00:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

utility manager

windows 2000

arbitrary code

cve-2003-0908

nvd

6.8 Medium

AI Score

Confidence

Low

7.2 High

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

0.001 Low

EPSS

Percentile

24.8%

JSON

The Utility Manager in Microsoft Windows 2000 executes winhlp32.exe with system privileges, which allows local users to execute arbitrary code via a “Shatter” style attack using a Windows message that accesses the context sensitive help button in the GUI, as demonstrated using the File Open dialog in the Help window, a different vulnerability than CVE-2004-0213.

CPENameOperatorVersion
microsoft:windows_2000microsoft windows 2000eq*

CPE	Name	Operator	Version
microsoft:windows_2000	microsoft windows 2000	eq	*

References

archives.neohapsis.com/archives/vulnwatch/2004-q1/0082.html

www.appsecinc.com/resources/alerts/general/04-0001.html

www.ciac.org/ciac/bulletins/o-114.shtml

www.kb.cert.org/vuls/id/526084

www.securiteam.com/windowsntfocus/5LP0C2ACKU.html

www.securityfocus.com/bid/10124

www.us-cert.gov/cas/techalerts/TA04-104A.html

docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-011

exchange.xforce.ibmcloud.com/vulnerabilities/15632

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1046

6.8 Medium

AI Score

Confidence

Low

7.2 High

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

0.001 Low

EPSS

Percentile

24.8%

JSON

Related for CVE-2003-0908

cve1 securityvulns5 cert2 nessus2 openvas1