Lucene search

[email protected]NVD:CVE-2001-1517

HistoryDec 31, 2001 - 5:00 a.m.

CVE-2001-1517

2001-12-3105:00:00

[email protected]

web.nvd.nist.gov

CVSS2

2.1

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

AI Score

6.5

Confidence

Low

EPSS

0.04

Percentile

92.2%

JSON

RunAs (runas.exe) in Windows 2000 stores cleartext authentication information in memory, which could allow attackers to obtain usernames and passwords by executing a process that is allocated the same memory page after termination of a RunAs command. NOTE: the vendor disputes this issue, saying that administrative privileges are already required to exploit it, and the original researcher did not respond to requests for additional information

Affected configurations

Nvd

Node

microsoftwindows_2000

microsoftwindows_2000sp1

microsoftwindows_2000sp2

VendorProductVersionCPE
microsoftwindows_2000*cpe:2.3:o:microsoft:windows_2000:*:*:*:*:*:*:*:*
microsoftwindows_2000*cpe:2.3:o:microsoft:windows_2000:*:sp1:*:*:*:*:*:*
microsoftwindows_2000*cpe:2.3:o:microsoft:windows_2000:*:sp2:*:*:*:*:*:*

Vendor	Product	Version	CPE
microsoft	windows_2000	*	cpe:2.3:o:microsoft:windows_2000::::::::
microsoft	windows_2000	*	cpe:2.3:o:microsoft:windows_2000::sp1::::::*
microsoft	windows_2000	*	cpe:2.3:o:microsoft:windows_2000::sp2::::::*

References

archives.neohapsis.com/archives/vulnwatch/2001-q4/0041.html

cert.uni-stuttgart.de/archive/bugtraq/2001/11/msg00100.html

www.iss.net/security_center/static/7531.php

www.securityfocus.com/bid/3184

CVSS2

2.1

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

AI Score

6.5

Confidence

Low

EPSS

0.04

Percentile

92.2%

JSON

Related for NVD:CVE-2001-1517

cvelist1 cve1