search menu icon-carat-right cmu-wordmark

CERT Coordination Center


Microsoft Windows 2000 Service Control Manager creates predictably named pipes

Vulnerability Note VU#31607

Original Release Date: 2001-05-09 | Last Revised: 2001-05-10

Overview

A vulnerability exists in the Microsoft Windows 2000 Service Control Manager which could allow local users to gain control of the system.

Description

A vulnerability exists in the Service Control Manager (SCM) function. This function creates named pipes for system services. More information on this problem is available from Microsoft at:

http://www.microsoft.com/technet/security/bulletin/ms00-053.asp

Impact

An attacker can execute code with the privileges of any other user on the machine, including the administrator or the system itself.

Solution

Apply the patch described in http://www.microsoft.com/Downloads/Release.asp?ReleaseID=23432

Vendor Information

31607
Expand all

Microsoft

Updated:  May 09, 2001

Status

  Vulnerable

Vendor Statement

Microsoft has published a security document regarding this vulnerability, the contents of which can be found at http://www.microsoft.com/technet/security/bulletin/ms00-053.asp

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.


CVSS Metrics

Group Score Vector
Base N/A N/A
Temporal N/A N/A
Environmental N/A

References

Credit

Our thanks to Microsoft for the information contained in their bulletin

This document was written by Ian A. Finlay.

Other Information

CVE IDs: CVE-2000-0737
Severity Metric: 8.66
Date Public: 2000-08-02
Date First Published: 2001-05-09
Date Last Updated: 2001-05-10 13:44 UTC
Document Revision: 14

Sponsored by the Department of Homeland Security Office of Cybersecurity and Communications.