search menu icon-carat-right cmu-wordmark

CERT Coordination Center

Microsoft Windows 2000 Service Control Manager creates predictably named pipes

Vulnerability Note VU#31607

Original Release Date: 2001-05-09 | Last Revised: 2001-05-10


A vulnerability exists in the Microsoft Windows 2000 Service Control Manager which could allow local users to gain control of the system.


A vulnerability exists in the Service Control Manager (SCM) function. This function creates named pipes for system services. More information on this problem is available from Microsoft at:


An attacker can execute code with the privileges of any other user on the machine, including the administrator or the system itself.


Apply the patch described in

Vendor Information

Expand all


Updated:  May 09, 2001



Vendor Statement

Microsoft has published a security document regarding this vulnerability, the contents of which can be found at

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.


The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

CVSS Metrics

Group Score Vector
Base N/A N/A
Temporal N/A N/A
Environmental N/A



Our thanks to Microsoft for the information contained in their bulletin

This document was written by Ian A. Finlay.

Other Information

CVE IDs: CVE-2000-0737
Severity Metric: 8.66
Date Public: 2000-08-02
Date First Published: 2001-05-09
Date Last Updated: 2001-05-10 13:44 UTC
Document Revision: 14

Sponsored by the Department of Homeland Security Office of Cybersecurity and Communications.