CVE-2003-0908
CVE-2003-0908
The Utility Manager in Microsoft Windows 2000 executes winhlp32.exe with system privileges, which allows local users to execute arbitrary code via a "Shatter" style attack using a Windows message that accesses the context sensitive help button in the GUI, as demonstrated using the File Open dialog in the Help window, a different vulnerability than CVE-2004-0213.
Affected products
n/a · n/apublic PoCs found — 1
exploitdbwww.exploit-db.com/exploits/271unverified⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
Want to know if your infrastructure is exposed to this?
Talk to TrueHacking →References
http://archives.neohapsis.com/archives/vulnwatch/2004-q1/0082.htmlhttps://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-011https://exchange.xforce.ibmcloud.com/vulnerabilities/15632https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1046http://www.appsecinc.com/resources/alerts/general/04-0001.htmlhttp://www.ciac.org/ciac/bulletins/o-114.shtmlhttp://www.kb.cert.org/vuls/id/526084http://www.securiteam.com/windowsntfocus/5LP0C2ACKU.htmlhttp://www.securityfocus.com/bid/10124http://www.us-cert.gov/cas/techalerts/TA04-104A.html