CVE-2004-0213 - OpenCVE

Utility Manager in Windows 2000 launches winhlp32.exe while Utility Manager is running with raised privileges, which allows local users to gain system privileges via a "Shatter" style attack that sends a Windows message to cause Utility Manager to launch winhlp32 by directly accessing the context sensitive help and bypassing the GUI, then sending another message to winhlp32 in order to open a user-selected file, a different vulnerability than CVE-2003-0908.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:L/AC:L/Au:N/C:C/I:C/A:C

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Microsoft	Windows 2000

Configuration 1 [-]

OR	cpe:2.3:o:microsoft:windows_2000:-:sp2::::::
	cpe:2.3:o:microsoft:windows_2000:-:sp3::::::
	cpe:2.3:o:microsoft:windows_2000:-:sp4::::::

No data.

References

Link	Providers
http://marc.info/?l=bugtraq&m=108975382413405&w=2
http://www.kb.cert.org/vuls/id/868580
http://www.us-cert.gov/cas/techalerts/TA04-196A.html
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-019
https://exchange.xforce.ibmcloud.com/vulnerabilities/16592
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2495

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2004-07-14T04:00:00

Updated: 2024-08-08T00:10:03.915Z

Reserved: 2004-03-11T00:00:00

Link: CVE-2004-0213

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2004-08-06T04:00:00.000

Modified: 2024-02-14T17:25:53.600

Link: CVE-2004-0213

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2004-07-13T00:00:00", "descriptions": [{"lang": "en", "value": "Utility Manager in Windows 2000 launches winhlp32.exe while Utility Manager is running with raised privileges, which allows local users to gain system privileges via a \"Shatter\" style attack that sends a Windows message to cause Utility Manager to launch winhlp32 by directly accessing the context sensitive help and bypassing the GUI, then sending another message to winhlp32 in order to open a user-selected file, a different vulnerability than CVE-2003-0908."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-12T19:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "oval:org.mitre.oval:def:2495", "tags": ["vdb-entry", "signature", "x_refsource_OVAL"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2495"}, {"name": "TA04-196A", "tags": ["third-party-advisory", "x_refsource_CERT"], "url": "http://www.us-cert.gov/cas/techalerts/TA04-196A.html"}, {"name": "VU#868580", "tags": ["third-party-advisory", "x_refsource_CERT-VN"], "url": "http://www.kb.cert.org/vuls/id/868580"}, {"name": "win-utilitymanager-gain-privileges(16592)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16592"}, {"name": "20040713 Microsoft Window Utility Manager Local Elevation of Privileges", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://marc.info/?l=bugtraq&m=108975382413405&w=2"}, {"name": "MS04-019", "tags": ["vendor-advisory", "x_refsource_MS"], "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-019"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2004-0213", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Utility Manager in Windows 2000 launches winhlp32.exe while Utility Manager is running with raised privileges, which allows local users to gain system privileges via a \"Shatter\" style attack that sends a Windows message to cause Utility Manager to launch winhlp32 by directly accessing the context sensitive help and bypassing the GUI, then sending another message to winhlp32 in order to open a user-selected file, a different vulnerability than CVE-2003-0908."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "oval:org.mitre.oval:def:2495", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2495"}, {"name": "TA04-196A", "refsource": "CERT", "url": "http://www.us-cert.gov/cas/techalerts/TA04-196A.html"}, {"name": "VU#868580", "refsource": "CERT-VN", "url": "http://www.kb.cert.org/vuls/id/868580"}, {"name": "win-utilitymanager-gain-privileges(16592)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16592"}, {"name": "20040713 Microsoft Window Utility Manager Local Elevation of Privileges", "refsource": "BUGTRAQ", "url": "http://marc.info/?l=bugtraq&m=108975382413405&w=2"}, {"name": "MS04-019", "refsource": "MS", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-019"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-08T00:10:03.915Z"}, "title": "CVE Program Container", "references": [{"name": "oval:org.mitre.oval:def:2495", "tags": ["vdb-entry", "signature", "x_refsource_OVAL", "x_transferred"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2495"}, {"name": "TA04-196A", "tags": ["third-party-advisory", "x_refsource_CERT", "x_transferred"], "url": "http://www.us-cert.gov/cas/techalerts/TA04-196A.html"}, {"name": "VU#868580", "tags": ["third-party-advisory", "x_refsource_CERT-VN", "x_transferred"], "url": "http://www.kb.cert.org/vuls/id/868580"}, {"name": "win-utilitymanager-gain-privileges(16592)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16592"}, {"name": "20040713 Microsoft Window Utility Manager Local Elevation of Privileges", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://marc.info/?l=bugtraq&m=108975382413405&w=2"}, {"name": "MS04-019", "tags": ["vendor-advisory", "x_refsource_MS", "x_transferred"], "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-019"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2004-0213", "datePublished": "2004-07-14T04:00:00", "dateReserved": "2004-03-11T00:00:00", "dateUpdated": "2024-08-08T00:10:03.915Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:microsoft:windows_2000:-:sp2:*:*:*:*:*:*", "matchCriteriaId": "FF99A17F-9469-4937-A23B-FD5C8B37087B", "vulnerable": true}, {"criteria": "cpe:2.3:o:microsoft:windows_2000:-:sp3:*:*:*:*:*:*", "matchCriteriaId": "530FC172-94E1-481A-9810-26061D22B6AC", "vulnerable": true}, {"criteria": "cpe:2.3:o:microsoft:windows_2000:-:sp4:*:*:*:*:*:*", "matchCriteriaId": "CA2CBE65-F4B6-49AF-983C-D3CF6C172CC5", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Utility Manager in Windows 2000 launches winhlp32.exe while Utility Manager is running with raised privileges, which allows local users to gain system privileges via a \"Shatter\" style attack that sends a Windows message to cause Utility Manager to launch winhlp32 by directly accessing the context sensitive help and bypassing the GUI, then sending another message to winhlp32 in order to open a user-selected file, a different vulnerability than CVE-2003-0908."}, {"lang": "es", "value": "El Adminstrador de \u00datiles en Windows 2000 lanza winhlp32.exe mientras que el Administrador de \u00fatiles se est\u00e1 ejecutando con privilegios elevados, lo que permite a usuarios locales ganar privilegios de sistema mediante un ataque de estilo \"estallamiento\" (shatter) que env\u00eda un mensaje de Windows para hacer que el Administrador de \u00datiles lance winhlp32 accediendo directamente a la ayuda sensible al contexto y salt\u00e1ndose el interfaz de usuario (GUI), y entonces enviando otro mensaje a winhlp32 para abrir un fichero seleccionado por el usuario, una vulnerabilidad distinta de CAN 2003-0908."}], "id": "CVE-2004-0213", "lastModified": "2024-02-14T17:25:53.600", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.2, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 10.0, "obtainAllPrivilege": true, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2004-08-06T04:00:00.000", "references": [{"source": "cve@mitre.org", "tags": ["Mailing List"], "url": "http://marc.info/?l=bugtraq&m=108975382413405&w=2"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory", "US Government Resource"], "url": "http://www.kb.cert.org/vuls/id/868580"}, {"source": "cve@mitre.org", "tags": ["Broken Link", "Patch", "Third Party Advisory", "US Government Resource"], "url": "http://www.us-cert.gov/cas/techalerts/TA04-196A.html"}, {"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"], "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-019"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16592"}, {"source": "cve@mitre.org", "tags": ["Broken Link"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2495"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-306"}], "source": "nvd@nist.gov", "type": "Primary"}]}