Описание
The Utility Manager in Microsoft Windows 2000 executes winhlp32.exe with system privileges, which allows local users to execute arbitrary code via a "Shatter" style attack using a Windows message that accesses the context sensitive help button in the GUI, as demonstrated using the File Open dialog in the Help window, a different vulnerability than CVE-2004-0213.
Ссылки
- PatchVendor Advisory
- PatchThird Party AdvisoryUS Government Resource
- Third Party AdvisoryUS Government Resource
- PatchVendor Advisory
- PatchThird Party AdvisoryUS Government Resource
- Third Party AdvisoryUS Government Resource
Уязвимые конфигурации
EPSS
7.2 High
CVSS2
Дефекты
Связанные уязвимости
The Utility Manager in Microsoft Windows 2000 executes winhlp32.exe with system privileges, which allows local users to execute arbitrary code via a "Shatter" style attack using a Windows message that accesses the context sensitive help button in the GUI, as demonstrated using the File Open dialog in the Help window, a different vulnerability than CVE-2004-0213.
EPSS
7.2 High
CVSS2