Vulnerability Description
Microsoft Windows 2000 telnet service creates named pipes with predictable names and does not properly verify them, which allows local users to execute arbitrary commands by creating a named pipe with the predictable name and associating a malicious program with it, the second of two variants of this vulnerability.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Microsoft | Windows 2000 | All versions |
References
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2001/ms01-03
- https://exchange.xforce.ibmcloud.com/vulnerabilities/6664
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2001/ms01-03
- https://exchange.xforce.ibmcloud.com/vulnerabilities/6664
FAQ
What is CVE-2001-0350?
CVE-2001-0350 is a vulnerability with a CVSS score of 4.6 (MEDIUM). Microsoft Windows 2000 telnet service creates named pipes with predictable names and does not properly verify them, which allows local users to execute arbitrary commands by creating a named pipe with...
How severe is CVE-2001-0350?
CVE-2001-0350 has been rated MEDIUM with a CVSS base score of 4.6/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2001-0350?
Check the references section above for vendor advisories and patch information. Affected products include: Microsoft Windows 2000.