Vulnerability Description
Microsoft Windows 2000 telnet service creates named pipes with predictable names and does not properly verify them, which allows local users to execute arbitrary commands by creating a named pipe with the predictable name and associating a malicious program with it, the first of two variants of this vulnerability.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Microsoft | Windows 2000 | All versions |
References
- http://www.kb.cert.org/vuls/id/587587US Government Resource
- http://www.securityfocus.com/bid/2849
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2001/ms01-03
- https://exchange.xforce.ibmcloud.com/vulnerabilities/6664
- http://www.kb.cert.org/vuls/id/587587US Government Resource
- http://www.securityfocus.com/bid/2849
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2001/ms01-03
- https://exchange.xforce.ibmcloud.com/vulnerabilities/6664
FAQ
What is CVE-2001-0349?
CVE-2001-0349 is a vulnerability with a CVSS score of 7.2 (HIGH). Microsoft Windows 2000 telnet service creates named pipes with predictable names and does not properly verify them, which allows local users to execute arbitrary commands by creating a named pipe with...
How severe is CVE-2001-0349?
CVE-2001-0349 has been rated HIGH with a CVSS base score of 7.2/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2001-0349?
Check the references section above for vendor advisories and patch information. Affected products include: Microsoft Windows 2000.