CVE-2001-1518

Windows 2000 - Denial of Service via RunAs Named Pipe Session

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2001-1518. PoCs published by Camisade.

AI-analyzed exploit summary This exploit demonstrates a denial-of-service (DoS) condition in the Windows 2000 RunAs service by opening a named pipe session, preventing other clients from connecting. It leverages the secondarylogon pipe to block legitimate access.

Description

RunAs (runas.exe) in Windows 2000 only creates one session instance at a time, which allows local users to cause a denial of service (RunAs hang) by creating a named pipe session with the authentication server without any request for service. NOTE: the vendor disputes this vulnerability, however the vendor also presents a scenario in which other users could be affected if running on a Terminal Server. Therefore this is a vulnerability.

Exploits (1)

exploitdb WORKING POC VERIFIED
by Camisade · cdoswindows
https://www.exploit-db.com/exploits/21099

This exploit demonstrates a denial-of-service (DoS) condition in the Windows 2000 RunAs service by opening a named pipe session, preventing other clients from connecting. It leverages the secondarylogon pipe to block legitimate access.

Classification
Working Poc 90%
Attack Type
Dos
Complexity
Trivial
Reliability
Reliable
Target: Windows 2000 RunAs service
No auth needed
Prerequisites: Access to the target system's named pipe
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (4)

Core 4
Core References
Various Sources mailing-list x_refsource_bugtraq
http://cert.uni-stuttgart.de/archive/bugtraq/2001/11/msg00100.html
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/3291
Third Party Advisory vdb-entry x_refsource_xf
http://www.iss.net/security_center/static/7533.php
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://online.securityfocus.com/archive/1/236113

Scores

EPSS 0.0563
EPSS Percentile 92.0%

Details

Status published
Products (1)
microsoft/windows_2000 (3 CPE variants)
Published Dec 31, 2001
Tracked Since Feb 18, 2026