Oval Definition:oval:org.mitre.oval:def:2495
Revision Date:2007-02-20Version:44
Title:Windows Utility Manager Shatter Message Vulnerability II
Description:Utility Manager in Windows 2000 launches winhlp32.exe while Utility Manager is running with raised privileges, which allows local users to gain system privileges via a "Shatter" style attack that sends a Windows message to cause Utility Manager to launch winhlp32 by directly accessing the context sensitive help and bypassing the GUI, then sending another message to winhlp32 in order to open a user-selected file, a different vulnerability than CVE-2003-0908.
Family:windowsClass:vulnerability
Status:ACCEPTEDReference(s):CVE-2004-0213
Platform(s):Microsoft Windows 2000
Product(s):Utility Manager
Definition Synopsis
  • Windows 2000 is installed
  • AND the version of Sp3res.dll is less than 5.0.2195.6928
  • AND the version of Umandlg.dll is less than 1.0.0.5
  • AND NOT the patch kb842526 is installed
  • BACK