Microsoft Windows Utility Manager Local Privilege Escalation Vulnerability
BID:10124
Info
Microsoft Windows Utility Manager Local Privilege Escalation Vulnerability
| Bugtraq ID: | 10124 |
| Class: | Access Validation Error |
| CVE: |
CVE-2003-0908 |
| Remote: | No |
| Local: | Yes |
| Published: | Apr 13 2004 12:00AM |
| Updated: | Oct 02 2007 06:09PM |
| Credit: | Discovery of this vulnerability has been credited to Brett Moore, Cesar Cerrudo, and Ben Pryor. |
| Vulnerable: |
Microsoft Windows 2000 Server SP4 Microsoft Windows 2000 Server SP3 Microsoft Windows 2000 Server SP2 Microsoft Windows 2000 Server SP1 Microsoft Windows 2000 Server Microsoft Windows 2000 Professional SP4 Microsoft Windows 2000 Professional SP3 Microsoft Windows 2000 Professional SP2 Microsoft Windows 2000 Professional SP1 Microsoft Windows 2000 Professional Microsoft Windows 2000 Datacenter Server SP4 Microsoft Windows 2000 Datacenter Server SP3 Microsoft Windows 2000 Datacenter Server SP2 Microsoft Windows 2000 Datacenter Server SP1 Microsoft Windows 2000 Datacenter Server Microsoft Windows 2000 Advanced Server SP4 Microsoft Windows 2000 Advanced Server SP3 Microsoft Windows 2000 Advanced Server SP2 Microsoft Windows 2000 Advanced Server SP1 Microsoft Windows 2000 Advanced Server Avaya S8100 Media Servers 0 Avaya S3400 Message Application Server 0 Avaya IP600 Media Servers Avaya DefinityOne Media Servers |
| Not Vulnerable: | |
Discussion
Microsoft Windows Utility Manager Local Privilege Escalation Vulnerability
Microsoft Utility Manager is prone to a local privilege-escalation vulnerability that may allow a local attacker to execute arbitrary code with SYSTEM privileges.
Microsoft Utility Manager is prone to a local privilege-escalation vulnerability that may allow a local attacker to execute arbitrary code with SYSTEM privileges.
Exploit / POC
Microsoft Windows Utility Manager Local Privilege Escalation Vulnerability
A proof-of-concept exploit has been supplied:
A proof-of-concept exploit has been supplied:
Solution / Fix
Microsoft Windows Utility Manager Local Privilege Escalation Vulnerability
Solution:
Microsoft has released a security bulletin and fixes to address this issue. Please see the references for more information.
Microsoft Windows 2000 Server SP2
Microsoft Windows 2000 Advanced Server SP3
Microsoft Windows 2000 Advanced Server SP2
Microsoft Windows 2000 Advanced Server SP4
Microsoft Windows 2000 Server SP3
Microsoft Windows 2000 Server SP4
Microsoft Windows 2000 Professional SP3
Microsoft Windows 2000 Professional SP2
Microsoft Windows 2000 Professional SP4
Solution:
Microsoft has released a security bulletin and fixes to address this issue. Please see the references for more information.
Microsoft Windows 2000 Server SP2
-
Microsoft Security Update for Windows 2000 (KB835732)
http://www.microsoft.com/downloads/details.aspx?FamilyId=0692C27E-F63A -414C-B3EB-D2342FBB6C00&displaylang=en
Microsoft Windows 2000 Advanced Server SP3
-
Microsoft Security Update for Windows 2000 (KB835732)
http://www.microsoft.com/downloads/details.aspx?FamilyId=0692C27E-F63A -414C-B3EB-D2342FBB6C00&displaylang=en
Microsoft Windows 2000 Advanced Server SP2
-
Microsoft Security Update for Windows 2000 (KB835732)
http://www.microsoft.com/downloads/details.aspx?FamilyId=0692C27E-F63A -414C-B3EB-D2342FBB6C00&displaylang=en
Microsoft Windows 2000 Advanced Server SP4
-
Microsoft Security Update for Windows 2000 (KB835732)
http://www.microsoft.com/downloads/details.aspx?FamilyId=0692C27E-F63A -414C-B3EB-D2342FBB6C00&displaylang=en
Microsoft Windows 2000 Server SP3
-
Microsoft Security Update for Windows 2000 (KB835732)
http://www.microsoft.com/downloads/details.aspx?FamilyId=0692C27E-F63A -414C-B3EB-D2342FBB6C00&displaylang=en
Microsoft Windows 2000 Server SP4
-
Microsoft Security Update for Windows 2000 (KB835732)
http://www.microsoft.com/downloads/details.aspx?FamilyId=0692C27E-F63A -414C-B3EB-D2342FBB6C00&displaylang=en
Microsoft Windows 2000 Professional SP3
-
Microsoft Security Update for Windows 2000 (KB835732)
http://www.microsoft.com/downloads/details.aspx?FamilyId=0692C27E-F63A -414C-B3EB-D2342FBB6C00&displaylang=en
Microsoft Windows 2000 Professional SP2
-
Microsoft Security Update for Windows 2000 (KB835732)
http://www.microsoft.com/downloads/details.aspx?FamilyId=0692C27E-F63A -414C-B3EB-D2342FBB6C00&displaylang=en
Microsoft Windows 2000 Professional SP4
-
Microsoft Security Update for Windows 2000 (KB835732)
http://www.microsoft.com/downloads/details.aspx?FamilyId=0692C27E-F63A -414C-B3EB-D2342FBB6C00&displaylang=en
References
Microsoft Windows Utility Manager Local Privilege Escalation Vulnerability
References:
References:
- Microsoft Security Bulletin MS04-011 (Microsoft)
- SHATTER Team Security Alert (Application Security, Inc.)