CVE-2001-0860

Name of the Vulnerable Software and Affected Versions Windows 2000 and XP (affected versions not specified)

Description The issue concerns the Terminal Services Manager MMC, which trusts the Client Address (IP address) provided by the client instead of obtaining it from the packet headers. This allows clients to spoof their public IP address, for example, through a Network Address Translation (NAT).

Recommendations For Windows 2000 and XP, consider restricting access to the Terminal Services Manager MMC to minimize the risk of IP address spoofing. At the moment, there is no information about a newer version that contains a fix for this vulnerability.