CVE-2002-2077

The DCOM client in Windows 2000 before SP3 does not properly clear memory before sending an "alter context" request, which may allow remote attackers to obtain sensitive information by sniffing the session.

CVSS v2.0 5.0 MEDIUM

5.0^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:L/Au:N/C:P/I:N/A:N

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
http://support.microsoft.com/default.aspx?scid=kb%3BEN-US%3Bq300367
http://www.bindview.com/Services/razor/Advisories/2002/adv_dcom.cfm	Patch Vendor Advisory
http://www.iss.net/security_center/static/8739.php	Patch
http://www.securityfocus.com/bid/4410	Patch

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:microsoft:windows_2000::::::::
	cpe:2.3:o:microsoft:windows_2000::sp1::::::*
	cpe:2.3:o:microsoft:windows_2000::sp2::::::*

History

07 Nov 2023, 01:56

Type	Values Removed	Values Added
References	~~{'url': 'http://support.microsoft.com/default.aspx?scid=kb;EN-US;q300367', 'name': 'Q300367', 'tags': ['Patch'], 'refsource': 'MSKB'}~~	() http://support.microsoft.com/default.aspx?scid=kb%3BEN-US%3Bq300367 -

Information

Published : 2002-12-31 05:00

Updated : 2024-02-28 10:24

NVD link : CVE-2002-2077

Mitre link : CVE-2002-2077

CVE.ORG link : CVE-2002-2077

JSON object : View

Products Affected

microsoft

windows_2000

CWE

NVD-CWE-Other

{"id": "CVE-2002-2077", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2002-12-31T05:00:00.000", "references": [{"url": "http://support.microsoft.com/default.aspx?scid=kb%3BEN-US%3Bq300367", "source": "cve@mitre.org"}, {"url": "http://www.bindview.com/Services/razor/Advisories/2002/adv_dcom.cfm", "tags": ["Patch", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.iss.net/security_center/static/8739.php", "tags": ["Patch"], "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/4410", "tags": ["Patch"], "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "The DCOM client in Windows 2000 before SP3 does not properly clear memory before sending an \"alter context\" request, which may allow remote attackers to obtain sensitive information by sniffing the session."}, {"lang": "es", "value": "El cliente DCOM en Windows 2000 anterior al SP3 no borra la memoria correctamente antes de enviar una solicitud de \"alterar contexto\", lo que puede permitir a los atacantes remotos obtener informaci\u00f3n sensible mediante el sniffing de la sesi\u00f3n."}], "lastModified": "2023-11-07T01:56:08.800", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:microsoft:windows_2000:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4E545C63-FE9C-4CA1-AF0F-D999D84D2AFD"}, {"criteria": "cpe:2.3:o:microsoft:windows_2000:*:sp1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "294EBA01-147B-4DA0-937E-ACBB655EDE53"}, {"criteria": "cpe:2.3:o:microsoft:windows_2000:*:sp2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4E8B7346-F2AA-434C-A048-7463EC1BB117"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}