Vulnerability Note VU#526084

Microsoft Windows Utility Manager contains vulnerability in the way it launches applications

Original Release date: 14 Apr 2004 | Last revised: 14 Apr 2004

Overview

Microsoft Windows Utility Manager contains a vulnerability that may permit an authenticated user to launch applications with elevated privileges.

Description

Microsoft Windows 2000's Utility Manager is a program that permits users to monitor and launch various accessibility applications. A vulnerability in the Utility Manager may permit an authenticated user to launch applications with "SYSTEM" privileges.

Impact

An authenticated user can exploit this vulnerability to launch applications with "SYSTEM" privileges.

Solution

Apply a patch from the vendor

Microsoft Security Bulletin MS04-011 contains patch information to resolve this issue.

Systems Affected (Learn More)

VendorStatusDate NotifiedDate Updated
Microsoft CorporationAffected-14 Apr 2004
If you are a vendor and your product is affected, let us know.

CVSS Metrics (Learn More)

Group Score Vector
Base N/A N/A
Temporal N/A N/A
Environmental N/A N/A

References

Credit

Thanks to Microsoft for reporting this vulnerability.

This document was written by Jason A Rafail.

Other Information

  • CVE IDs: CAN-2003-0908
  • Date Public: 13 Apr 2004
  • Date First Published: 14 Apr 2004
  • Date Last Updated: 14 Apr 2004
  • Severity Metric: 18.56
  • Document Revision: 4

Feedback

If you have feedback, comments, or additional information about this vulnerability, please send us email.