Lucene search

[email protected]CVE-2002-2077

HistoryOct 03, 2022 - 4:23 p.m.

CVE-2002-2077

2022-10-0316:23:49

[email protected]

web.nvd.nist.gov

cve-2002-2077

dcom

windows 2000

sp3

memory

alter context

remote attackers

sensitive information

session sniffing

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

6.5 Medium

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

61.9%

JSON

The DCOM client in Windows 2000 before SP3 does not properly clear memory before sending an “alter context” request, which may allow remote attackers to obtain sensitive information by sniffing the session.

Affected configurations

NVD

Node

microsoftwindows_2000

microsoftwindows_2000sp1

microsoftwindows_2000sp2

CPENameOperatorVersion
microsoft:windows_2000microsoft windows 2000eq*

CPE	Name	Operator	Version
microsoft:windows_2000	microsoft windows 2000	eq	*

References

support.microsoft.com/default.aspx?scid=kb%3BEN-US%3Bq300367

www.bindview.com/Services/razor/Advisories/2002/adv_dcom.cfm

www.iss.net/security_center/static/8739.php

www.securityfocus.com/bid/4410

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

6.5 Medium

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

61.9%

JSON

Related for CVE-2002-2077

cvelist1 nvd1