PT-2001-2026 · Microsoft · Windows 2000+2

Published

2001-12-06

Updated

2017-10-10

CVE-2001-0860

CVSS v2.0

7.5

High

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions Windows 2000 and XP (affected versions not specified)

Description The issue concerns the Terminal Services Manager MMC, which trusts the Client Address (IP address) provided by the client instead of obtaining it from the packet headers. This allows clients to spoof their public IP address, for example, through a Network Address Translation (NAT).

Recommendations For Windows 2000 and XP, consider restricting access to the Terminal Services Manager MMC to minimize the risk of IP address spoofing. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2001-0860

Affected Products

Terminal Services Manager Mmc

Windows 2000

Windows Xp

PT-2001-2026 · Microsoft · Windows 2000+2

CVE-2001-0860

Related Identifiers

Affected Products

References · 4