Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2001-1517


Vulnerability Score 2.1 2.1
CVE Id CVE-2001-1517
Last Modified 05 Sep 2008 04:26:45
Published 31 Dec 2001 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact NONE NONE
Availability Impact NONE NONE
Access Vector LOCAL
Access Complexity LOW
Authentication NONE



** DISPUTED ** RunAs (runas.exe) in Windows 2000 stores cleartext authentication information in memory, which could allow attackers to obtain usernames and passwords by executing a process that is allocated the same memory page after termination of a RunAs command. NOTE: the vendor disputes this issue, saying that administrative privileges are already required to exploit it, and the original researcher did not respond to requests for additional information.

Vulnerable Systems

Operating System

  • Microsoft Windows 2000


XF - win2k-runas-reveal-information(7531)

VULNWATCH - 20011112 RADIX1112200102

BID - 3184

BUGTRAQ - 20011114 RE:Radix Research Reports RADIX1112200101, RADIX1112200102, and RADIX1112200103

Last Updated: 27 May 2016 10:36:42