Vulnerability Note VU#31607

Microsoft Windows 2000 Service Control Manager creates predictably named pipes

Original Release date: 09 May 2001 | Last revised: 10 May 2001

Overview

A vulnerability exists in the Microsoft Windows 2000 Service Control Manager which could allow local users to gain control of the system.

Description

A vulnerability exists in the Service Control Manager (SCM) function. This function creates named pipes for system services. More information on this problem is available from Microsoft at:

Impact

An attacker can execute code with the privileges of any other user on the machine, including the administrator or the system itself.

Solution

Apply the patch described in http://www.microsoft.com/Downloads/Release.asp?ReleaseID=23432

Systems Affected (Learn More)

VendorStatusDate NotifiedDate Updated
MicrosoftAffected-09 May 2001
If you are a vendor and your product is affected, let us know.

CVSS Metrics (Learn More)

Group Score Vector
Base N/A N/A
Temporal N/A N/A
Environmental N/A N/A

References

Credit

Our thanks to Microsoft for the information contained in their bulletin.

This document was written by Ian A. Finlay.

Other Information

  • CVE IDs: CVE-2000-0737
  • Date Public: 02 Aug 2000
  • Date First Published: 09 May 2001
  • Date Last Updated: 10 May 2001
  • Severity Metric: 8.66
  • Document Revision: 14

Feedback

If you have feedback, comments, or additional information about this vulnerability, please send us email.