CVE-2004-0213

HIGH

Windows 2000 - Privilege Escalation via Utility Manager Shatter Attack


Exploitation Summary

EIP tracks 4 public exploits for CVE-2004-0213. PoCs published by kralor, bkbll, Cesar Cerrudo.

AI-analyzed exploit summary: This exploit targets CVE-2004-0213, a local privilege escalation vulnerability in Windows 2000 Utility Manager. It leverages language-specific window names to spawn a system-level command shell via a crafted sequence of GUI interactions and socket-based command execution.

Description

Utility Manager in Windows 2000 launches winhlp32.exe while Utility Manager is running with raised privileges, which allows local users to gain system privileges via a "Shatter" style attack that sends a Windows message to cause Utility Manager to launch winhlp32 by directly accessing the context sensitive help and bypassing the GUI, then sending another message to winhlp32 in order to open a user-selected file, a different vulnerability than CVE-2003-0908.

Exploits (4)

exploitdb · WORKING POC · VERIFIED
by kralor · c · local · windows
https://www.exploit-db.com/exploits/355

This exploit targets CVE-2004-0213, a local privilege escalation vulnerability in Windows 2000 Utility Manager. It leverages language-specific window names to spawn a system-level command shell via a crafted sequence of GUI interactions and socket-based command execution.

Classification: Working PoC 95%
Attack Type: LPE
Complexity: Moderate
Reliability: Reliable
Target: Windows 2000 Utility Manager
Auth required
Prerequisites: Local access to a Windows 2000 system · Ability to execute arbitrary code in a low-privilege context
devstral-2 · analyzed Feb 18, 2026

exploitdb · WORKING POC · VERIFIED
by kralor · c · local · windows
https://www.exploit-db.com/exploits/352

This exploit leverages a local privilege escalation vulnerability in Windows 2000 Utility Manager by manipulating window messages to execute a command prompt with SYSTEM privileges. It dynamically adapts to system language settings to ensure compatibility.

Classification: Working PoC 95%
Attack Type: LPE
Complexity: Moderate
Reliability: Reliable
Target: Windows 2000 Utility Manager
Auth required
Prerequisites: Local access to a Windows 2000 system · User-level execution privileges
devstral-2 · analyzed Feb 18, 2026

exploitdb · WORKING POC · VERIFIED
by bkbll · c · local · windows
https://www.exploit-db.com/exploits/351

This exploit targets CVE-2004-0213, a local privilege escalation vulnerability in the Microsoft Windows POSIX subsystem. It leverages a buffer overflow in the POSIX subsystem to execute arbitrary code with SYSTEM privileges by injecting shellcode into a suspended process.

Classification: Working PoC 95%
Attack Type: LPE
Complexity: Moderate
Reliability: Reliable
Target: Microsoft Windows POSIX Subsystem (Windows 2000 SP4, potentially others)
Auth required
Prerequisites: Local access to the target system · POSIX subsystem installed
devstral-2 · analyzed Feb 18, 2026

exploitdb · WORKING POC · VERIFIED
by Cesar Cerrudo · c · local · windows
https://www.exploit-db.com/exploits/350

This exploit leverages a local privilege escalation vulnerability in Windows 2000 Utility Manager by manipulating window messages to spawn a command shell with SYSTEM privileges. It automates UI interactions to bypass intended restrictions and execute cmd.exe.

Classification: Working PoC 95%
Attack Type: LPE
Complexity: Moderate
Reliability: Reliable
Target: Windows 2000 Utility Manager
Auth required
Prerequisites: Local access to a Windows 2000 system · Ability to launch Utility Manager (Win+U)
devstral-2 · analyzed Feb 18, 2026

References (6)

Core References
Broken Link, Patch, Third Party Advisory, US Government Resource third-party-advisory x_refsource_cert
http://www.us-cert.gov/cas/techalerts/TA04-196A.html
Third Party Advisory, US Government Resource third-party-advisory x_refsource_cert-vn
http://www.kb.cert.org/vuls/id/868580
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/16592
Mailing List mailing-list x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=108975382413405&w=2
Patch, Vendor Advisory vendor-advisory x_refsource_ms
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-019

Scores

CVSS v3 7.8
EPSS 0.0265
EPSS Percentile 83.7%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE: CWE-306
Status published
Products (1)
microsoft/windows_2000 (3 CPE variants)
Published Aug 06, 2004
Tracked Since Feb 18, 2026