Detections
Analytics

CVE-2003-0350

high

Description

The control for listing accessibility options in the Accessibility Utility Manager on Windows 2000 (ListView) does not properly handle Windows messages, which allows local users to execute arbitrary code via a "Shatter" style message to the Utility Manager that references a user-controlled callback function.

References

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A451

https://exchange.xforce.ibmcloud.com/vulnerabilities/12543

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-025

http://www.securityfocus.com/bid/8154

http://www.ngssoftware.com/advisories/utilitymanager.txt

http://marc.info/?l=bugtraq&m=105777681615939&w=2

http://archives.neohapsis.com/archives/vulnwatch/2003-q3/0015.html

Details

Source: Mitre, NVD

Published: 2003-08-18

Updated: 2019-04-30

Risk Information

CVSS v2

Base Score: 4.6

Vector: CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P

Severity: Medium

CVSS v3

Base Score: 7.8

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Severity: High