Vulnerability Name:

CVE-2004-0213 (CCN-16592)

Assigned:2004-07-13
Published:2004-07-13
Updated:2019-04-30
Summary:Utility Manager in Windows 2000 launches winhlp32.exe while Utility Manager is running with raised privileges, which allows local users to gain system privileges via a "Shatter" style attack that sends a Windows message to cause Utility Manager to launch winhlp32 by directly accessing the context sensitive help and bypassing the GUI, then sending another message to winhlp32 in order to open a user-selected file, a different vulnerability than CVE-2003-0908.
CVSS v3 Severity:9.3 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
Exploitability Metrics:Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Changed
Impact Metrics:Confidentiality (C): High
Integrity (I): High
Availibility (A): High
CVSS v2 Severity:7.2 High (CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availibility (A): Complete
7.2 High (CCN CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): Low
Athentication (Au): None
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availibility (A): Complete
Vulnerability Type:CWE-Other
Vulnerability Consequences:Gain Access
References:Source: CCN
Type: BugTraq Mailing List, Tue Jul 13 2004 - 15:00:33 CDT
Microsoft Window Utility Manager Local Elevation of Privileges

Source: MITRE
Type: CNA
CVE-2004-0213

Source: BUGTRAQ
Type: UNKNOWN
20040713 Microsoft Window Utility Manager Local Elevation of Privileges

Source: CCN
Type: CIAC Information Bulletin O-180
Microsoft Utility Manager Vulnerability

Source: CCN
Type: US-CERT VU#868580
Microsoft Windows Utility Manager launches applications with system privileges

Source: CERT-VN
Type: US Government Resource
VU#868580

Source: CCN
Type: Microsoft Security Bulletin MS04-019
Vulnerability in Utility Manager Could Allow Code Execution (842526)

Source: CCN
Type: BID-10707
Microsoft Windows Utility Manager Local Privilege Escalation Variant Vulnerability

Source: CERT
Type: Patch, Third Party Advisory, US Government Resource
TA04-196A

Source: MS
Type: UNKNOWN
MS04-019

Source: XF
Type: UNKNOWN
win-utilitymanager-gain-privileges(16592)

Source: XF
Type: UNKNOWN
win-utilitymanager-gain-privileges(16592)

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:2495

Vulnerable Configuration:Configuration 1:
  • cpe:/o:microsoft:windows_2000:*:*:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_2000:*:sp1:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_2000:*:sp2:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_2000:*:sp3:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_2000:*:sp4:*:*:*:*:*:*

    • Configuration CCN 1:
  • cpe:/o:microsoft:windows_2000:-:sp2:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_2000:-:sp3:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_2000:-:sp4:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    Oval Definitions
    Definition IDClassTitleLast Modified
    oval:org.mitre.oval:def:2495
    V
    		Windows Utility Manager Shatter Message Vulnerability II
    2007-02-20
    BACK
    microsoft windows 2000 *
    microsoft windows 2000 * sp1
    microsoft windows 2000 * sp2
    microsoft windows 2000 * sp3
    microsoft windows 2000 * sp4
    microsoft windows 2000 - sp2
    microsoft windows 2000 - sp3
    microsoft windows 2000 - sp4