CVE-2003-0908

Microsoft Windows 2000 - Local Privilege Escalation via Utility Manager Shatter Attack

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2003-0908. PoCs published by Cesar Cerrudo.

AI-analyzed exploit summary This exploit leverages a local privilege escalation vulnerability in Windows Utility Manager by manipulating the Windows Help dialog to execute cmd.exe with system privileges. It automates UI interactions to bypass security restrictions and spawn a privileged shell.

Description

The Utility Manager in Microsoft Windows 2000 executes winhlp32.exe with system privileges, which allows local users to execute arbitrary code via a "Shatter" style attack using a Windows message that accesses the context sensitive help button in the GUI, as demonstrated using the File Open dialog in the Help window, a different vulnerability than CVE-2004-0213.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Cesar Cerrudo · clocalwindows

https://www.exploit-db.com/exploits/271

View Code ZIP pw:eip

This exploit leverages a local privilege escalation vulnerability in Windows Utility Manager by manipulating the Windows Help dialog to execute cmd.exe with system privileges. It automates UI interactions to bypass security restrictions and spawn a privileged shell.

Classification

Working Poc 100%

Attack Type

Lpe

Complexity

Moderate

Reliability

Reliable

Target: Windows Utility Manager (utilman.exe) on vulnerable Windows versions

Auth required

Prerequisites: Local access to the target system · Utility Manager must be accessible

MITRE ATT&CK