CVE-2003-0908

{"id": "CVE-2003-0908", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.2, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": true, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2004-06-01T04:00:00.000", "references": [{"url": "http://archives.neohapsis.com/archives/vulnwatch/2004-q1/0082.html", "source": "cve@mitre.org"}, {"url": "http://www.appsecinc.com/resources/alerts/general/04-0001.html", "tags": ["Patch", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.ciac.org/ciac/bulletins/o-114.shtml", "source": "cve@mitre.org"}, {"url": "http://www.kb.cert.org/vuls/id/526084", "tags": ["Patch", "Third Party Advisory", "US Government Resource"], "source": "cve@mitre.org"}, {"url": "http://www.securiteam.com/windowsntfocus/5LP0C2ACKU.html", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/10124", "source": "cve@mitre.org"}, {"url": "http://www.us-cert.gov/cas/techalerts/TA04-104A.html", "tags": ["Third Party Advisory", "US Government Resource"], "source": "cve@mitre.org"}, {"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-011", "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15632", "source": "cve@mitre.org"}, {"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1046", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "The Utility Manager in Microsoft Windows 2000 executes winhlp32.exe with system privileges, which allows local users to execute arbitrary code via a \"Shatter\" style attack using a Windows message that accesses the context sensitive help button in the GUI, as demonstrated using the File Open dialog in the Help window, a different vulnerability than CVE-2004-0213."}, {"lang": "es", "value": "Utility Manager enMicrosoft Windows 2000 ejecuta winhlp32.exe con privilegios de sistema, lo que permite a usuarios locales ejecutar c\u00f3digo de su elecci\u00f3n mediante un ataque de estilo \"shatter\" (hacer a\u00f1\u00edcos) usando mensajes de Windows, como se ha demostrado usando el di\u00e1logo de apertura de ficheor en la ventana de ayuda."}], "lastModified": "2018-10-12T21:33:39.243", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:microsoft:windows_2000:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4E545C63-FE9C-4CA1-AF0F-D999D84D2AFD"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}