Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2001-1517

Overview

Vulnerability Score 2.1 2.1
CVE Id CVE-2001-1517
Last Modified 05 Sep 2008 04:26:45
Published 31 Dec 2001 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact NONE NONE
Availability Impact NONE NONE
Access Vector LOCAL
Access Complexity LOW
Authentication NONE

CVE-2001-1517

Summary

** DISPUTED ** RunAs (runas.exe) in Windows 2000 stores cleartext authentication information in memory, which could allow attackers to obtain usernames and passwords by executing a process that is allocated the same memory page after termination of a RunAs command. NOTE: the vendor disputes this issue, saying that administrative privileges are already required to exploit it, and the original researcher did not respond to requests for additional information.

Vulnerable Systems

Operating System

  • Microsoft Windows 2000


References

XF - win2k-runas-reveal-information(7531)

VULNWATCH - 20011112 RADIX1112200102

BID - 3184

BUGTRAQ - 20011114 RE:Radix Research Reports RADIX1112200101, RADIX1112200102, and RADIX1112200103


Last Updated: 27 May 2016 10:36:42