Vulnerability Note VU#31607
Microsoft Windows 2000 Service Control Manager creates predictably named pipes
A vulnerability exists in the Microsoft Windows 2000 Service Control Manager which could allow local users to gain control of the system.
A vulnerability exists in the Service Control Manager (SCM) function. This function creates named pipes for system services. More information on this problem is available from Microsoft at:
An attacker can execute code with the privileges of any other user on the machine, including the administrator or the system itself.
Apply the patch described in http://www.microsoft.com/Downloads/Release.asp?ReleaseID=23432
Systems Affected (Learn More)
|Vendor||Status||Date Notified||Date Updated|
|Microsoft||Affected||-||09 May 2001|
CVSS Metrics (Learn More)
Our thanks to Microsoft for the information contained in their bulletin.
This document was written by Ian A. Finlay.
- CVE IDs: CVE-2000-0737
- Date Public: 02 Aug 2000
- Date First Published: 09 May 2001
- Date Last Updated: 10 May 2001
- Severity Metric: 8.66
- Document Revision: 14
If you have feedback, comments, or additional information about this vulnerability, please send us email.