CVE-2003-0350

MEDIUM

Description

The control for listing accessibility options in the Accessibility Utility Manager on Windows 2000 (ListView) does not properly handle Windows messages, which allows local users to execute arbitrary code via a "Shatter" style message to the Utility Manager that references a user-controlled callback function.

References

http://archives.neohapsis.com/archives/vulnwatch/2003-q3/0015.html

http://marc.info/?l=bugtraq&m=105777681615939&w=2

http://www.ngssoftware.com/advisories/utilitymanager.txt

http://www.securityfocus.com/bid/8154

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-025

https://exchange.xforce.ibmcloud.com/vulnerabilities/12543

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A451

Details

Source: MITRE

Published: 2003-08-18

Updated: 2018-10-12

Risk Information

CVSS v2.0

Base Score: 4.6

Vector: (AV:L/AC:L/Au:N/C:P/I:P/A:P)

Impact Score: 6.4

Exploitability Score: 3.9

Severity: MEDIUM