Shatter vulnerability in CommCtl32.dll: Arbitrary Code Execution via Button Control Messages

Shatter vulnerability in CommCtl32.dll: Arbitrary Code Execution via Button Control Messages

CVE-2003-0897 · MEDIUM Severity

AV:L/AC:L/AU:N/C:P/I:P/A:P

"Shatter" vulnerability in CommCtl32.dll in Windows XP may allow local users to execute arbitrary code by sending (1) BCM_GETTEXTMARGIN or (2) BCM_SETTEXTMARGIN button control messages to privileged applications.

Learn more about our User Device Pen Test.