Vulnerability Description
The control for listing accessibility options in the Accessibility Utility Manager on Windows 2000 (ListView) does not properly handle Windows messages, which allows local users to execute arbitrary code via a "Shatter" style message to the Utility Manager that references a user-controlled callback function.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Microsoft | Windows 2000 | All versions |
References
- http://archives.neohapsis.com/archives/vulnwatch/2003-q3/0015.htmlPatchVendor Advisory
- http://marc.info/?l=bugtraq&m=105777681615939&w=2
- http://www.ngssoftware.com/advisories/utilitymanager.txtPatchVendor Advisory
- http://www.securityfocus.com/bid/8154
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-02
- https://exchange.xforce.ibmcloud.com/vulnerabilities/12543
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3
- http://archives.neohapsis.com/archives/vulnwatch/2003-q3/0015.htmlPatchVendor Advisory
- http://marc.info/?l=bugtraq&m=105777681615939&w=2
- http://www.ngssoftware.com/advisories/utilitymanager.txtPatchVendor Advisory
- http://www.securityfocus.com/bid/8154
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-02
- https://exchange.xforce.ibmcloud.com/vulnerabilities/12543
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3
FAQ
What is CVE-2003-0350?
CVE-2003-0350 is a vulnerability with a CVSS score of 4.6 (MEDIUM). The control for listing accessibility options in the Accessibility Utility Manager on Windows 2000 (ListView) does not properly handle Windows messages, which allows local users to execute arbitrary c...
How severe is CVE-2003-0350?
CVE-2003-0350 has been rated MEDIUM with a CVSS base score of 4.6/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2003-0350?
Check the references section above for vendor advisories and patch information. Affected products include: Microsoft Windows 2000.