Lucene search

MitreCVE-2001-1517

HistoryJul 14, 2005 - 4:00 a.m.

CVE-2001-1517

2005-07-1404:00:00

mitre

web.nvd.nist.gov

cve-2001-1517

windows 2000

runas

authentication weakness

memory leak

nvd

CVSS2

2.1

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

AI Score

6.9

Confidence

Low

EPSS

0.04

Percentile

92.2%

JSON

RunAs (runas.exe) in Windows 2000 stores cleartext authentication information in memory, which could allow attackers to obtain usernames and passwords by executing a process that is allocated the same memory page after termination of a RunAs command. NOTE: the vendor disputes this issue, saying that administrative privileges are already required to exploit it, and the original researcher did not respond to requests for additional information

Affected configurations

Nvd

Node

microsoftwindows_2000

microsoftwindows_2000sp1

microsoftwindows_2000sp2

VendorProductVersionCPE
microsoftwindows_2000*cpe:2.3:o:microsoft:windows_2000:*:*:*:*:*:*:*:*
microsoftwindows_2000*cpe:2.3:o:microsoft:windows_2000:*:sp1:*:*:*:*:*:*
microsoftwindows_2000*cpe:2.3:o:microsoft:windows_2000:*:sp2:*:*:*:*:*:*

Vendor	Product	Version	CPE
microsoft	windows_2000	*	cpe:2.3:o:microsoft:windows_2000::::::::
microsoft	windows_2000	*	cpe:2.3:o:microsoft:windows_2000::sp1::::::*
microsoft	windows_2000	*	cpe:2.3:o:microsoft:windows_2000::sp2::::::*

References

archives.neohapsis.com/archives/vulnwatch/2001-q4/0041.html

cert.uni-stuttgart.de/archive/bugtraq/2001/11/msg00100.html

www.iss.net/security_center/static/7531.php

www.securityfocus.com/bid/3184

CVSS2

2.1

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

AI Score

6.9

Confidence

Low

EPSS

0.04

Percentile

92.2%

JSON

Related for CVE-2001-1517