Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
7.8
CVSSv3

CVE-2004-0213

Published: 06/08/2004 Updated: 14/02/2024
CVSS v2 Base Score: 7.2 | Impact Score: 10 | Exploitability Score: 3.9
CVSS v3 Base Score: 7.8 | Impact Score: 5.9 | Exploitability Score: 1.8
VMScore: 740
Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C
Subscribe to Windows 2000

Vulnerability Summary

Utility Manager in Windows 2000 launches winhlp32.exe while Utility Manager is running with raised privileges, which allows local users to gain system privileges via a "Shatter" style attack that sends a Windows message to cause Utility Manager to launch winhlp32 by directly accessing the context sensitive help and bypassing the GUI, then sending another message to winhlp32 in order to open a user-selected file, a different vulnerability than CVE-2003-0908.

Vulnerable Product Search on Vulmon Subscribe to Product

microsoft windows 2000 -

Exploits

Exploit DB: Microsoft Windows Server 2000 - Utility Manager All-in-One (MS04-019)
/****************************************************************************************** *****C*****O*****R*****O******M******P*****U*******T*******E******R*****2***0***0***4**** ** [Crpt] Utility Manager exploit v2666 modified by kralor [Crpt] ** ********************************** ...
Exploit DB: Microsoft Windows Server 2000 - Universal Language Utility Manager (MS04-019)
/****************************************************************************************** ****C*****O*****R*****O******M******P*****U*******T*******E******R*****2***0***0***4***** ** [Crpt] Utility Manager exploit v1666 modified by kralor [Crpt] ** ********************************* ...
Exploit DB: Microsoft Windows Server 2000 - POSIX Subsystem Privilege Escalation (MS04-020)
/* Microsoft Windows POSIX Subsystem Local Privilege Escalation Exploit (MS04-020) * * Tested on windows 2k sp4 CN,NT/XP/2003 NOT TESTED * * Posixexpc By bkbll (bkbll cnhonker net,bkbll tom com) www cnhonker com * * 2004/07/16 * * thanks to eyas xfocus org * * C:\>whoami VITUALWIN2K\test C:\>posixexp Microsoft Windows POSIX Subsystem Local ...
Exploit DB: Microsoft Windows Server 2000 - Utility Manager Privilege Escalation (MS04-019)
//by Cesar Cerrudo sqlsec at yahoocom //Local elevation of priviliges exploit for Windows 2K Utility Manager (second one!!!!) //Gives you a shell with system privileges //If you have problems try changing Sleep() values #include "stdioh" #include "windowsh" int main(int argc, char* argv[]) { HWND lHandle, lHandle2; POINT point; char sTex ...

References

CWE-306http://www.us-cert.gov/cas/techalerts/TA04-196A.htmlhttp://www.kb.cert.org/vuls/id/868580http://marc.info/?l=bugtraq&m=108975382413405&w=2https://exchange.xforce.ibmcloud.com/vulnerabilities/16592https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2495https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-019https://nvd.nist.govhttps://www.exploit-db.com/exploits/355/https://www.kb.cert.org/vuls/id/868580
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2020-4463CVE-2024-3400deserializationCVE-2024-21788CVE-2023-42433CVE-2024-21841CVE-2024-22095local file inclusionmemory leak
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook