{"vuid":"VU#868580","idnumber":"868580","name":"Microsoft Windows Utility Manager launches applications with system privileges","keywords":["Microsoft","Windows","Utility Manager","privilege escalation","Q842526","MS04-019","shatter"],"overview":"The Microsoft Windows 2000 Utility Manager allows authenticated local users to launch applications with SYSTEM privileges.","clean_desc":"The Microsoft Windows 2000 Utility Manager is a program that permits users to monitor and launch various accessibility applications. This program contains a privilege escalation vulnerability that permits authenticated local users to launch applications with SYSTEM privileges. Microsoft reports that the vulnerability disclosed in MS04-019 is different than the one reported in MS04-011, which is described in VU#526084.","impact":"This vulnerability allows authenticated local users to launch applications with SYSTEM privileges.","resolution":"Apply a patch from Microsoft Microsoft has provided a Security Update to address this vulnerability; for further details, please see Microsoft Security Bulletin MS04-019.","workarounds":"Disable the Utility Manager Administrators can use the Group Policy settings to disable the Utility Manager. Although this action does not fully address the vulnerability, it may be a useful interim measure to prevent exploitation.","sysaffected":"","thanks":"This vulnerability was reported to Microsoft by Cesar Cerrudo of Application Security Inc.","author":"This document was written by Jeffrey P. Lanza.","public":["h","t","t","p",":","/","/","w","w","w",".","m","i","c","r","o","s","o","f","t",".","c","o","m","/","t","e","c","h","n","e","t","/","s","e","c","u","r","i","t","y","/","b","u","l","l","e","t","i","n","/","m","s","0","4","-","0","1","9",".","m","s","p","x"],"cveids":["CVE-2004-0213"],"certadvisory":"","uscerttechnicalalert":null,"datecreated":"2004-07-13T20:38:34Z","publicdate":"2004-07-13T00:00:00Z","datefirstpublished":"2004-07-14T14:37:46Z","dateupdated":"2004-07-14T14:37:50Z","revision":11,"vrda_d1_directreport":"","vrda_d1_population":"","vrda_d1_impact":"","cam_widelyknown":"18","cam_exploitation":"10","cam_internetinfrastructure":"0","cam_population":"15","cam_impact":"18","cam_easeofexploitation":"15","cam_attackeraccessrequired":"10","cam_scorecurrent":"21.2625","cam_scorecurrentwidelyknown":"22.78125","cam_scorecurrentwidelyknownexploited":"30.375","ipprotocol":"","cvss_accessvector":"","cvss_accesscomplexity":"","cvss_authentication":null,"cvss_confidentialityimpact":"","cvss_integrityimpact":"","cvss_availabilityimpact":"","cvss_exploitablity":null,"cvss_remediationlevel":"","cvss_reportconfidence":"","cvss_collateraldamagepotential":"","cvss_targetdistribution":"","cvss_securityrequirementscr":"","cvss_securityrequirementsir":"","cvss_securityrequirementsar":"","cvss_basescore":"","cvss_basevector":"","cvss_temporalscore":"","cvss_environmentalscore":"","cvss_environmentalvector":"","metric":21.2625,"vulnote":null}