CVE-2001-0349

Name of the Vulnerable Software and Affected Versions Microsoft Windows 2000

Description The issue concerns the Microsoft Windows 2000 telnet service, which creates named pipes with predictable names and fails to properly verify them. This allows local users to execute arbitrary commands by creating a named pipe with the predictable name and associating a malicious program with it.

Recommendations For Microsoft Windows 2000, consider restricting access to the telnet service until a fix is available. As a temporary workaround, avoid using the telnet service for executing commands. At the moment, there is no information about a newer version that contains a fix for this vulnerability.