PT-2005-3082 · Microsoft · Windows 2000+1

Jean-Baptiste Marchand

Published

2005-07-11

Updated

2017-07-11

CVE-2005-2150

CVSS v2.0

5.0

Medium

Vector

AV:N/AC:L/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions: Windows NT 4.0 Windows 2000 before URP1 for Windows 2000 SP4

Description: The issue allows remote attackers to list Windows services via svcctl or read event logs via eventlog due to improper prevention of NULL sessions from accessing certain alternate named pipes.

Recommendations: For Windows NT 4.0, at the moment, there is no information about a newer version that contains a fix for this vulnerability. For Windows 2000 before URP1 for Windows 2000 SP4, apply the URP1 update for Windows 2000 SP4 to resolve the issue.

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2005-2150

Affected Products

Windows 2000

Windows Nt 4.0

PT-2005-3082 · Microsoft · Windows 2000+1

CVE-2005-2150

Related Identifiers

Affected Products

References · 9