7.8
CVE-2004-0213
- EPSS 21.26%
- Veröffentlicht 06.08.2004 04:00:00
- Zuletzt bearbeitet 16.06.2026 22:05:10
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
Utility Manager in Windows 2000 launches winhlp32.exe while Utility Manager is running with raised privileges, which allows local users to gain system privileges via a "Shatter" style attack that sends a Windows message to cause Utility Manager to launch winhlp32 by directly accessing the context sensitive help and bypassing the GUI, then sending another message to winhlp32 in order to open a user-selected file, a different vulnerability than CVE-2003-0908.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Microsoft ≫ Windows 2000 Version- Updatesp2
Microsoft ≫ Windows 2000 Version- Updatesp3
Microsoft ≫ Windows 2000 Version- Updatesp4
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 21.26% | 0.973 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.8 | 1.8 | 5.9 |
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
|
| nvd@nist.gov | 7.2 | 3.9 | 10 |
AV:L/AC:L/Au:N/C:C/I:C/A:C
|
CWE-306 Missing Authentication for Critical Function
The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.
http://www.us-cert.gov/cas/techalerts/TA04-196A.html
http://marc.info/?l=bugtraq&m=108975382413405&w=2
http://www.kb.cert.org/vuls/id/868580
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-019
https://exchange.xforce.ibmcloud.com/vulnerabilities/16592
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2495