CVE-2004-0213

Name of the Vulnerable Software and Affected Versions Windows 2000

Description The issue allows local users to gain system privileges via a "Shatter" style attack. This is achieved by sending a Windows message to Utility Manager, which launches winhlp32.exe with raised privileges. The attack bypasses the GUI by directly accessing context-sensitive help and then sends another message to winhlp32 to open a user-selected file.

Recommendations For Windows 2000, at the moment, there is no information about a newer version that contains a fix for this vulnerability.