Task Manager Vulnerability in Windows 2000
CVE-2001-1238

7.8HIGH

Key Information:

Vendor
Microsoft
Status
Windows 2000 Terminal Services
Windows 2000
Vendor
CVE Published:
16 July 2001

Summary

The Task Manager in Windows 2000 contains a flaw that prevents local users from terminating certain critical system processes with uppercase names, such as winlogon.exe, csrss.exe, smss.exe, and services.exe. This limitation may enable local users to install malicious software, including Trojan horses, which remain active and undetectable within the system due to the inability to stop them using the Task Manager.

References

http://www.securityfocus.com/archive/1/197195
mailing-listx_refsource_BUGTRAQ
http://www.securityfocus.com/bid/3033
vdb-entryx_refsource_BID
https://exchange.xforce.ibmcloud.com/vulnerabilities/6919
vdb-entryx_refsource_XF

CVSS V3.1

Score:
7.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability Reserved

  • Vulnerability published

.