CVE-2003-0908

The Utility Manager in Microsoft Windows 2000 executes winhlp32.exe with system privileges, which allows local users to execute arbitrary code via a "Shatter" style attack using a Windows message that accesses the context sensitive help button in the GUI, as demonstrated using the File Open dialog in the Help window, a different vulnerability than CVE-2004-0213.

Date published : 2004-04-16

http://www.securityfocus.com/bid/10124

http://www.us-cert.gov/cas/techalerts/TA04-104A.html