CVE-2003-0908
published 2004-06-01
CVE-2003-0908: The Utility Manager in Microsoft Windows 2000 executes winhlp32.exe with system privileges, which allows local users to execute arbitrary code via a "Shatter"…
Priority P339·high·7.2·CVSS 2.0
AV:L/AC:L/Au:N/C:C/I:C/A:C
EXPLOIT
EPSS 27.42%·97.8th percentile
The Utility Manager in Microsoft Windows 2000 executes winhlp32.exe with system privileges, which allows local users to execute arbitrary code via a "Shatter" style attack using a Windows message that accesses the context sensitive help button in the GUI, as demonstrated using the File Open dialog in the Help window, a different vulnerability than CVE-2004-0213.
GHSA
GHSA-wwxr-4g98-3vf6: The Utility Manager in Microsoft Windows 2000 executes winhlp32
ghsa_unreviewed·2022-04-29·CVSS 7.8
CVE-2003-0908 [HIGH] GHSA-wwxr-4g98-3vf6: The Utility Manager in Microsoft Windows 2000 executes winhlp32
GHSA
GHSA-62vf-wrg7-5x68: Utility Manager in Windows 2000 launches winhlp32
ghsa_unreviewed·2022-04-29·CVSS 7.2
CVE-2004-0213 [HIGH] CWE-306 GHSA-62vf-wrg7-5x68: Utility Manager in Windows 2000 launches winhlp32
Utility Manager in Windows 2000 launches winhlp32.exe while Utility Manager is running with raised privileges, which allows local users to gain system privileges via a "Shatter" style attack that sends a Windows message to cause Utility Manager to launch winhlp32 by directly accessing the context sensitive help and bypassing the GUI, then sending another message to winhlp32 in order to open a user-selected file, a different vulnerability than CVE-2003-0908.
CWE
Trust of System Event Data
mitre_cwe·CVSS 7.2
[HIGH] CWE-360 Trust of System Event Data
CWE-360: Trust of System Event Data
Security based on event locations is insecure and can be spoofed.
Events are a messaging system which may provide control data to programs listening for events. Events often do not have any type of authentication framework to allow them to be verified from a trusted source. Any application, in Windows, on a given desktop can send a message to any window on the same desktop. There is no authentication framework for these messages. Therefore, any message can be used to manipulate any process on the desktop if the process does not check the validity and safeness of those messages.
Modes of Introduction:
Phase: Architecture and Design
Phase: Implementation
Common Consequences:
Scope: Integrity, Confidentiality, Availability, Access Control. Impact: Gain
CWE
Unprotected Windows Messaging Channel ('Shatter')
mitre_cwe·CVSS 4.6
[MEDIUM] CWE-422 Unprotected Windows Messaging Channel ('Shatter')
CWE-422: Unprotected Windows Messaging Channel ('Shatter')
The product does not properly verify the source of a message in the Windows Messaging System while running at elevated privileges, creating an alternate channel through which an attacker can directly send a message to the product.
Modes of Introduction:
Phase: Architecture and Design
Common Consequences:
Scope: Access Control. Impact: Gain Privileges or Assume Identity, Bypass Protection Mechanism.
Potential Mitigations:
[Architecture and Design] Always verify and authenticate the source of the message.
Observed Examples:
CVE-2002-0971: Bypass GUI and access restricted dialog box.
CVE-2002-1230: Gain privileges via Windows message.
CVE-2003-0350: A control allows a change to a pointer for a callback function using Windows mess
CWE
Execution with Unnecessary Privileges
mitre_cwe
CWE-250 Execution with Unnecessary Privileges
CWE-250: Execution with Unnecessary Privileges
The product performs an operation at a privilege level that is higher than the minimum level required, which creates new weaknesses or amplifies the consequences of other weaknesses.
Modes of Introduction:
Phase: Implementation
Note: REALIZATION: This weakness is caused during implementation of an architectural security tactic.
Phase: Installation
Phase: Architecture and Design
Note: If an application has this design problem, then it can be easier for the developer to make implementation-related errors such as CWE-271 (Privilege Dropping / Lowering Errors). In addition, the consequences of Privilege Chaining (CWE-268) can become more severe.
Phase: Operation
Common Consequences:
Scope: Confidentiality, Integrity, Availability, Access Contro
http://archives.neohapsis.com/archives/vulnwatch/2004-q1/0082.html
http://www.appsecinc.com/resources/alerts/general/04-0001.html
http://www.ciac.org/ciac/bulletins/o-114.shtml
http://www.kb.cert.org/vuls/id/526084
http://www.securiteam.com/windowsntfocus/5LP0C2ACKU.html
http://www.securityfocus.com/bid/10124
http://www.us-cert.gov/cas/techalerts/TA04-104A.html
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-011
https://exchange.xforce.ibmcloud.com/vulnerabilities/15632
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1046
Published: 2004-06-01