Vulnerability Details CVE-2003-0350
The control for listing accessibility options in the Accessibility Utility Manager on Windows 2000 (ListView) does not properly handle Windows messages, which allows local users to execute arbitrary code via a "Shatter" style message to the Utility Manager that references a user-controlled callback function.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.009
EPSS Ranking 74.4%
CVSS Severity
CVSS v2 Score 4.6
References
- http://archives.neohapsis.com/archives/vulnwatch/2003-q3/0015.html
- http://marc.info/?l=bugtraq&m=105777681615939&w=2
- http://www.ngssoftware.com/advisories/utilitymanager.txt
- http://www.securityfocus.com/bid/8154
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-025
- https://exchange.xforce.ibmcloud.com/vulnerabilities/12543
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A451
- http://archives.neohapsis.com/archives/vulnwatch/2003-q3/0015.html
- http://marc.info/?l=bugtraq&m=105777681615939&w=2
- http://www.ngssoftware.com/advisories/utilitymanager.txt
- http://www.securityfocus.com/bid/8154
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-025
- https://exchange.xforce.ibmcloud.com/vulnerabilities/12543
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A451
Products affected by CVE-2003-0350
-
cpe:2.3:o:microsoft:windows_2000:-
-
cpe:2.3:o:microsoft:windows_2000:beta3