← CVECheck
HomeVulnerabilities

CVE-2004-0213 — HIGH severity vulnerability (Utility Manager in Windows 2000 launches winhlp32.exe while)

Utility Manager in Windows 2000 launches winhlp32.exe while Utility Manager is running with raised privileges, which allows local users to gain system privileges via a "Shatter" style attack that sends a Windows message to cause Utility Manager to launch winhlp32 by directly accessing the context sensitive help and byp

CVE IDCVE-2004-0213
SeverityHIGH
CVSS score7.8
CVSS vectorCVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWECWE-306
StatusModified
Published2004-08-06
Last modified2026-04-16
DescriptionUtility Manager in Windows 2000 launches winhlp32.exe while Utility Manager is running with raised privileges, which allows local users to gain system privileges via a "Shatter" style attack that sends a Windows message to cause Utility Manager to launch winhlp32 by directly accessing the context sensitive help and bypassing the GUI, then sending another message to winhlp32 in order to open a user-selected file, a different vulnerability than CVE-2003-0908.
SourceNIST National Vulnerability Database

🔍 Search all vulnerabilities →