Note: The red stoplight on this page indicates the highest possible severity level for this category of vulnerabilities. To determine the severity level in this instance, refer to the colored dot beside the link to this tutorial on the previous page.
When a telnet session is initiated, the server creates a named pipe, which allows bi-directional communication between two processes. When the named pipe is created, any code associated with the pipe is executed.
The name of the pipe created by a telnet session is predictable. Therefore, an attacker with the ability to load and run code on the server could associate arbitrary code with the predicted named pipe. The next time a telnet session is established, the server would execute the code when the named pipe is created, thus executing the attacker's commands with Local System privileges.
Four unrelated denial-of-service vulnerabilities in the Microsoft telnet server could allow a remote attacker to crash the telnet service, prevent legitimate users from accessing the telnet service, or terminate other users' telnet sessions.
By preceding a login name with a specially crafted string of characters, an attacker could cause the telnet server to search all trusted domains for that login name. This vulnerability does not directly allow unauthorized access, but it does make it easier for an attacker to find any enabled Guest accounts that may be present anywhere within the server's trusted domains.