search menu icon-carat-right cmu-wordmark
Carnegie Mellon University

Software Engineering Institute

CERT Coordination Center

Microsoft Windows 2000 Service Control Manager creates predictably named pipes

Vulnerability Note VU#31607

Original Release Date: 2001-05-09 | Last Revised: 2001-05-10

Overview

A vulnerability exists in the Microsoft Windows 2000 Service Control Manager which could allow local users to gain control of the system.

Description

A vulnerability exists in the Service Control Manager (SCM) function. This function creates named pipes for system services. More information on this problem is available from Microsoft at:

http://www.microsoft.com/technet/security/bulletin/ms00-053.asp

Impact

An attacker can execute code with the privileges of any other user on the machine, including the administrator or the system itself.

Solution

Apply the patch described in http://www.microsoft.com/Downloads/Release.asp?ReleaseID=23432

Vendor Information

31607
 
Expand all

Microsoft Affected

Updated:  May 09, 2001

Status

Affected

Vendor Statement

Microsoft has published a security document regarding this vulnerability, the contents of which can be found at http://www.microsoft.com/technet/security/bulletin/ms00-053.asp

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.


CVSS Metrics

Group Score Vector
Base
Temporal
Environmental

References

Acknowledgements

Our thanks to Microsoft for the information contained in their bulletin.

This document was written by Ian A. Finlay.

Other Information

CVE IDs: CVE-2000-0737
Severity Metric: 8.66
Date Public: 2000-08-02
Date First Published: 2001-05-09
Date Last Updated: 2001-05-10 13:44 UTC
Document Revision: 14

Sponsored by CISA.

Download PGP Key

Read CERT/CC Blog

Learn about Vulnerability Analysis