CyberSec.Space Logo
Back to CVE Browser

CVE-2001-0860

HIGH
7.5
CVSS Severity Score
EPSS Score0.1530%
EPSS Percentile37.80th
PublishedDec 6, 2001
Last ModifiedApr 16, 2026

Vulnerability Description

Terminal Services Manager MMC in Windows 2000 and XP trusts the Client Address (IP address) that is provided by the client instead of obtaining it from the packet headers, which allows clients to spoof their public IP address, e.g. through a Network Address Translation (NAT).

Affected Platforms (CPE)

πŸ’»
Microsoft

Windows 2000

All versions
πŸ’»
Microsoft

Windows Xp

All versions

References & Advisories

πŸ”— http://marc.info/?l=bugtraq&m=100578220002083&w=2
πŸ”— http://www.securityfocus.com/bid/3541
πŸ”— https://exchange.xforce.ibmcloud.com/vulnerabilities/7538
πŸ”— http://marc.info/?l=bugtraq&m=100578220002083&w=2
πŸ”— http://www.securityfocus.com/bid/3541
πŸ”— https://exchange.xforce.ibmcloud.com/vulnerabilities/7538

Related Vulnerabilities

CVE-2000-103410.0

Buffer overflow in the System Monitor ActiveX control in Windows 2000 allows remote attackers to execute arbitrary commands via a ...

CVE-2000-006110.0

Internet Explorer 5 does not modify the security zone for a document that is being loaded into a window until after the document h...

CVE-2000-022210.0

The installation for Windows 2000 does not activate the Administrator password until the system has rebooted, which allows remote ...

CVE-2000-107110.0

The GUI installation for iCal 2.1 Patch 2 disables access control for the X server using an "xhost +" command, which allows remote...