CVE-2001-1519

Windows 2000 - Local Privilege Escalation

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2001-1519. PoCs published by Camisade.

AI-analyzed exploit summary This exploit creates a named pipe to intercept credentials sent in cleartext by the Windows 2000 RunAs service. It demonstrates the vulnerability by impersonating the service and capturing user credentials when the service is stopped.

Description

RunAs (runas.exe) in Windows 2000 allows local users to create a spoofed named pipe when the service is stopped, then capture cleartext usernames and passwords when clients connect to the service. NOTE: the vendor disputes this issue, saying that administrative privileges are already required to exploit it

Exploits (1)

exploitdb WORKING POC VERIFIED
by Camisade · clocalwindows
https://www.exploit-db.com/exploits/21069

This exploit creates a named pipe to intercept credentials sent in cleartext by the Windows 2000 RunAs service. It demonstrates the vulnerability by impersonating the service and capturing user credentials when the service is stopped.

Classification
Working Poc 100%
Attack Type
Info Leak
Complexity
Trivial
Reliability
Reliable
Target: Windows 2000 RunAs service
No auth needed
Prerequisites: RunAs service must be stopped · Attacker must have local access to create a named pipe
devstral-2 · analyzed Feb 18, 2026 Full analysis →

References (4)

Core 4
Core References
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://online.securityfocus.com/archive/1/240136
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://online.securityfocus.com/archive/1/236111
Third Party Advisory vdb-entry x_refsource_xf
http://www.iss.net/security_center/static/7532.php
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/3185

Scores

EPSS 0.0599
EPSS Percentile 92.4%

Details

Status published
Products (1)
microsoft/windows_2000
Published Dec 31, 2001
Tracked Since Feb 18, 2026