CVE-2002-2077

The DCOM client in Windows 2000 before SP3 does not properly clear memory before sending an "alter context" request, which may allow remote attackers to obtain sensitive information by sniffing the session.

CVSS v2.0 5.0 MEDIUM

5.0^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:L/Au:N/C:P/I:N/A:N

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
http://www.bindview.com/Services/razor/Advisories/2002/adv_dcom.cfm	Patch Vendor Advisory
http://support.microsoft.com/default.aspx?scid=kb;EN-US;q300367	Patch
http://www.securityfocus.com/bid/4410	Patch
http://www.iss.net/security_center/static/8739.php	Patch

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:microsoft:windows_2000::sp1::::::*
	cpe:2.3:o:microsoft:windows_2000::::::::
	cpe:2.3:o:microsoft:windows_2000::sp2::::::*

Information

Published : 2002-12-30 21:00

Updated : 2019-04-30 07:27

NVD link : CVE-2002-2077

Mitre link : CVE-2002-2077

JSON object : View

CWE

NVD-CWE-Other

Products Affected

microsoft

windows_2000

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://www.bindview.com/Services/razor/Advisories/2002/adv_dcom.cfm", "name": "20020402 Windows 2000 DCOM clients may leak sensitive information onto the network", "tags": ["Patch", "Vendor Advisory"], "refsource": "BINDVIEW"}, {"url": "http://support.microsoft.com/default.aspx?scid=kb;EN-US;q300367", "name": "Q300367", "tags": ["Patch"], "refsource": "MSKB"}, {"url": "http://www.securityfocus.com/bid/4410", "name": "4410", "tags": ["Patch"], "refsource": "BID"}, {"url": "http://www.iss.net/security_center/static/8739.php", "name": "win2k-dcom-memory-leak(8739)", "tags": ["Patch"], "refsource": "XF"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "The DCOM client in Windows 2000 before SP3 does not properly clear memory before sending an \"alter context\" request, which may allow remote attackers to obtain sensitive information by sniffing the session."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2002-2077", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "severity": "MEDIUM", "impactScore": 2.9, "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}}, "publishedDate": "2002-12-31T05:00Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:microsoft:windows_2000:*:sp1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:microsoft:windows_2000:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:microsoft:windows_2000:*:sp2:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2019-04-30T14:27Z"}

5.0 /10