Executive Summary

Informations
Name CVE-2003-0350 First vendor Publication 2003-08-18
Vendor Cve Last vendor Modification 2019-04-30

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:L/AC:L/Au:N/C:P/I:P/A:P)
Cvss Base Score 4.6 Attack Range Local
Cvss Impact Score 6.4 Attack Complexity Low
Cvss Expoit Score 3.9 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

The control for listing accessibility options in the Accessibility Utility Manager on Windows 2000 (ListView) does not properly handle Windows messages, which allows local users to execute arbitrary code via a "Shatter" style message to the Utility Manager that references a user-controlled callback function.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0350

CWE : Common Weakness Enumeration

% Id Name

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:451
 
Oval ID: oval:org.mitre.oval:def:451
Title: Windows ListView Shatter Message Vulnerability
Description: The control for listing accessibility options in the Accessibility Utility Manager on Windows 2000 (ListView) does not properly handle Windows messages, which allows local users to execute arbitrary code via a "Shatter" style message to the Utility Manager that references a user-controlled callback function.
Family: windows Class: vulnerability
Reference(s): CVE-2003-0350
Version: 7
Platform(s): Microsoft Windows 2000
Product(s): Utilities Manager/Windows Messaging
Definition Synopsis:

CPE : Common Platform Enumeration

TypeDescriptionCount
Os 4

OpenVAS Exploits

Date Description
2009-03-15 Name : MS04-011 security check
File : nvt/remote-MS04-011.nasl

Open Source Vulnerability Database (OSVDB)

Id Description
13410 Microsoft Windows 2000 Accessibility Utility Manager Arbitrary Code Execution

Nessus® Vulnerability Scanner

Date Description
2007-10-05 Name : The remote system is not up to date.
File : service_pack_not_installed.nasl - Type : ACT_GATHER_INFO
2003-07-13 Name : A local user can elevate his privileges.
File : smb_nt_ms03-025.nasl - Type : ACT_GATHER_INFO
2000-10-10 Name : The remote system has the latest service pack installed.
File : smb_reg_service_pack_W2K.nasl - Type : ACT_GATHER_INFO

Sources (Detail)

Source Url
BID http://www.securityfocus.com/bid/8154
BUGTRAQ http://marc.info/?l=bugtraq&m=105777681615939&w=2
MISC http://www.ngssoftware.com/advisories/utilitymanager.txt
MS https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03...
OVAL https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.ova...
VULNWATCH http://archives.neohapsis.com/archives/vulnwatch/2003-q3/0015.html
XF https://exchange.xforce.ibmcloud.com/vulnerabilities/12543

Alert History

If you want to see full details history, please login or register.
0
1
2
3
4
5
6
7
8
9
Date Informations
2020-05-23 00:15:24
  • Multiple Updates
2019-04-30 21:19:17
  • Multiple Updates
2018-10-13 00:22:27
  • Multiple Updates
2018-06-22 12:01:30
  • Multiple Updates
2017-10-11 09:23:17
  • Multiple Updates
2017-07-11 12:01:16
  • Multiple Updates
2016-10-18 12:01:11
  • Multiple Updates
2016-04-26 12:32:46
  • Multiple Updates
2014-02-17 10:26:09
  • Multiple Updates
2013-05-11 11:51:07
  • Multiple Updates