← CVECheck
HomeVulnerabilities

CVE-2003-0908 — HIGH severity vulnerability (The Utility Manager in Microsoft Windows 2000 executes winhl)

The Utility Manager in Microsoft Windows 2000 executes winhlp32.exe with system privileges, which allows local users to execute arbitrary code via a "Shatter" style attack using a Windows message that accesses the context sensitive help button in the GUI, as demonstrated using the File Open dialog in the Help window, a

CVE IDCVE-2003-0908
SeverityHIGH
CVSS score7.2
CVSS vectorAV:L/AC:L/Au:N/C:C/I:C/A:C
CWENVD-CWE-Other
StatusModified
Published2004-06-01
Last modified2026-04-16
DescriptionThe Utility Manager in Microsoft Windows 2000 executes winhlp32.exe with system privileges, which allows local users to execute arbitrary code via a "Shatter" style attack using a Windows message that accesses the context sensitive help button in the GUI, as demonstrated using the File Open dialog in the Help window, a different vulnerability than CVE-2004-0213.
SourceNIST National Vulnerability Database

🔍 Search all vulnerabilities →