CVE-2004-0213
Microsoft Windows Server 2000 - POSIX Subsystem Privilege Escalation (MS04-020)
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
4Exploited in Wild
-Decision
Descriptions
Utility Manager in Windows 2000 launches winhlp32.exe while Utility Manager is running with raised privileges, which allows local users to gain system privileges via a "Shatter" style attack that sends a Windows message to cause Utility Manager to launch winhlp32 by directly accessing the context sensitive help and bypassing the GUI, then sending another message to winhlp32 in order to open a user-selected file, a different vulnerability than CVE-2003-0908.
El Adminstrador de Útiles en Windows 2000 lanza winhlp32.exe mientras que el Administrador de útiles se está ejecutando con privilegios elevados, lo que permite a usuarios locales ganar privilegios de sistema mediante un ataque de estilo "estallamiento" (shatter) que envía un mensaje de Windows para hacer que el Administrador de Útiles lance winhlp32 accediendo directamente a la ayuda sensible al contexto y saltándose el interfaz de usuario (GUI), y entonces enviando otro mensaje a winhlp32 para abrir un fichero seleccionado por el usuario, una vulnerabilidad distinta de CAN 2003-0908.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2004-03-11 CVE Reserved
- 2004-07-14 CVE Published
- 2004-07-14 First Exploit
- 2024-07-29 EPSS Updated
- 2024-08-08 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-306: Missing Authentication for Critical Function
CAPEC
References (10)
| URL | Tag | Source |
|---|---|---|
| http://marc.info/?l=bugtraq&m=108975382413405&w=2 | Mailing List | |
| http://www.kb.cert.org/vuls/id/868580 | Third Party Advisory |
|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/16592 | Third Party Advisory | |
| https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2495 | Broken Link |
| URL | Date | SRC |
|---|---|---|
| https://www.exploit-db.com/exploits/351 | 2004-07-17 | |
| https://www.exploit-db.com/exploits/352 | 2004-07-17 | |
| https://www.exploit-db.com/exploits/355 | 2004-07-20 | |
| https://www.exploit-db.com/exploits/350 | 2004-07-14 |
| URL | Date | SRC |
|---|---|---|
| http://www.us-cert.gov/cas/techalerts/TA04-196A.html | 2024-02-14 | |
| https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-019 | 2024-02-14 |
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Microsoft Search vendor "Microsoft" | Windows 2000 Search vendor "Microsoft" for product "Windows 2000" | - | sp2 |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Windows 2000 Search vendor "Microsoft" for product "Windows 2000" | - | sp3 |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Windows 2000 Search vendor "Microsoft" for product "Windows 2000" | - | sp4 |
Affected
| ||||||