CVE-2004-0213 — HIGH severity vulnerability (Utility Manager in Windows 2000 launches winhlp32.exe while)
Utility Manager in Windows 2000 launches winhlp32.exe while Utility Manager is running with raised privileges, which allows local users to gain system privileges via a "Shatter" style attack that sends a Windows message to cause Utility Manager to launch winhlp32 by directly accessing the context sensitive help and byp
| CVE ID | CVE-2004-0213 |
|---|---|
| Severity | HIGH |
| CVSS score | 7.8 |
| CVSS vector | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
| CWE | CWE-306 |
| Status | Modified |
| Published | 2004-08-06 |
| Last modified | 2026-04-16 |
| Description | Utility Manager in Windows 2000 launches winhlp32.exe while Utility Manager is running with raised privileges, which allows local users to gain system privileges via a "Shatter" style attack that sends a Windows message to cause Utility Manager to launch winhlp32 by directly accessing the context sensitive help and bypassing the GUI, then sending another message to winhlp32 in order to open a user-selected file, a different vulnerability than CVE-2003-0908. |
| Source | NIST National Vulnerability Database |
🔍 Search all vulnerabilities →
$999/mo
Try CVECheck →