CVE-2001-1347

Windows 2000 - Denial of Service and Privilege Escalation via Hardware Breakpoint Handling

Exploitation Summary

EIP tracks 1 public exploit for CVE-2001-1347. PoCs published by Georgi Guninski.

AI-analyzed exploit summary: This exploit leverages a vulnerability in Windows 2000's debug register handling to terminate arbitrary processes without administrative privileges. It specifically targets LSASS.EXE to achieve privilege escalation by impersonating a named pipe client.

Description

Windows 2000 allows local users to cause a denial of service and possibly gain privileges by setting a hardware breakpoint that is handled using global debug registers, which could cause other processes to terminate due to an exception, and allow hijacking of resources such as named pipes.

Exploits (1)

exploitdb · WORKING POC · VERIFIED
by Georgi Guninski · c · local · windows
https://www.exploit-db.com/exploits/20880

Classification: Working PoC 95%
Attack Type: LPE
Complexity: Complex
Reliability: Racy
Target: Microsoft Windows 2000
No auth needed
Prerequisites: Knowledge of target process PID (LSASS.EXE) · Specific ESP address in LSASS.EXE
devstral-2 · analyzed Feb 18, 2026

References (3)

Core References
Patch, Vendor Advisory vdb-entry x_refsource_xf
http://www.iss.net/security_center/static/6590.php
Exploit, Patch, Vendor Advisory vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/2764
Third Party Advisory mailing-list x_refsource_bugtraq
http://archives.neohapsis.com/archives/bugtraq/2001-05/0232.html

Scores

EPSS 0.0285
EPSS Percentile 84.9%

Details

Status published
Products (1)
microsoft/windows_2000 (2 CPE variants)
Published May 24, 2001
Tracked Since Feb 18, 2026