Published: 31/12/2001 Updated: 30/04/2019

CVSS v2 Base Score: 2.1 | Impact Score: 2.9 | Exploitability Score: 3.9

VMScore: 215

Vector: AV:L/AC:L/Au:N/C:N/I:N/A:P

RunAs (runas.exe) in Windows 2000 only creates one session instance at a time, which allows local users to cause a denial of service (RunAs hang) by creating a named pipe session with the authentication server without any request for service. NOTE: the vendor disputes this vulnerability, however the vendor also presents a scenario in which other users could be affected if running on a Terminal Server. Therefore this is a vulnerability.

Vulnerable Product	Search on Vulmon	Subscribe to Product
microsoft windows 2000

source: wwwsecurityfocuscom/bid/3291/info The Windows 2000 RunAs service allows an application or service to be executed as a different user It is accessed by holding down the shift key and right mouse clicking on an icon, then selecting 'Run as' from the context menu When the service is invoked, it creates a named pipe session with ...

NVD-CWE-Other http://online.securityfocus.com/archive/1/236113 http://cert.uni-stuttgart.de/archive/bugtraq/2001/11/msg00100.html http://www.securityfocus.com/bid/3291 http://www.iss.net/security_center/static/7533.php https://nvd.nist.gov https://www.exploit-db.com/exploits/21099/

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2001-1518

Vulnerability Summary

Exploits

References

Vulmon Search

About

Products

Connect