Vulnerabilities > CVE-2003-0350 - Unspecified vulnerability in Microsoft Windows 2000
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN microsoft
nessus
Summary
The control for listing accessibility options in the Accessibility Utility Manager on Windows 2000 (ListView) does not properly handle Windows messages, which allows local users to execute arbitrary code via a "Shatter" style message to the Utility Manager that references a user-controlled callback function.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| OS | 4 |
Nessus
NASL family Windows : Microsoft Bulletins NASL id SMB_NT_MS03-025.NASL description The remote host runs a version of Windows that has a flaw in the way the utility manager handles Windows messages. As a result, it is possible for a local user to gain additional privileges on this host. last seen 2020-06-01 modified 2020-06-02 plugin id 11789 published 2003-07-13 reporter This script is Copyright (C) 2003-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/11789 title MS03-025: Flaw in Windows Message Handling through Utility Manager Could Enable Privilege Elevation (822679) NASL family Windows NASL id SERVICE_PACK_NOT_INSTALLED.NASL description The remote version of Microsoft Windows has no service pack or the one installed is no longer supported. As a result, it is likely to contain security vulnerabilities. last seen 2020-06-02 modified 2007-10-05 plugin id 26921 published 2007-10-05 reporter This script is Copyright (C) 2007-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/26921 title Windows Service Pack Out-of-Date
Oval
| accepted | 2011-05-16T04:03:00.883-04:00 | ||||||||||||||||||||
| class | vulnerability | ||||||||||||||||||||
| contributors |
| ||||||||||||||||||||
| description | The control for listing accessibility options in the Accessibility Utility Manager on Windows 2000 (ListView) does not properly handle Windows messages, which allows local users to execute arbitrary code via a "Shatter" style message to the Utility Manager that references a user-controlled callback function. | ||||||||||||||||||||
| family | windows | ||||||||||||||||||||
| id | oval:org.mitre.oval:def:451 | ||||||||||||||||||||
| status | accepted | ||||||||||||||||||||
| submitted | 2003-09-09T12:00:00.000-04:00 | ||||||||||||||||||||
| title | Windows ListView Shatter Message Vulnerability | ||||||||||||||||||||
| version | 70 |
References
- http://archives.neohapsis.com/archives/vulnwatch/2003-q3/0015.html
- http://archives.neohapsis.com/archives/vulnwatch/2003-q3/0015.html
- http://marc.info/?l=bugtraq&m=105777681615939&w=2
- http://marc.info/?l=bugtraq&m=105777681615939&w=2
- http://www.ngssoftware.com/advisories/utilitymanager.txt
- http://www.ngssoftware.com/advisories/utilitymanager.txt
- http://www.securityfocus.com/bid/8154
- http://www.securityfocus.com/bid/8154
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-025
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-025
- https://exchange.xforce.ibmcloud.com/vulnerabilities/12543
- https://exchange.xforce.ibmcloud.com/vulnerabilities/12543
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A451
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A451