CVE-2002-2077 : The DCOM client in Windows 2000 before SP3 does not properly clear memory before sending an "alter context" request, whi

The DCOM client in Windows 2000 before SP3 does not properly clear memory before sending an "alter context" request, which may allow remote attackers to obtain sensitive information by sniffing the session.

Published 2002-12-31 05:00:00

Updated 2019-04-30 14:27:14

Source MITRE

View at NVD, CVE.org

Exploit prediction scoring system (EPSS) score for CVE-2002-2077

Probability of exploitation activity in the next 30 days: 0.24%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 63 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2002-2077

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
5.0	MEDIUM	AV:N/AC:L/Au:N/C:P/I:N/A:N	10.0	2.9	NIST
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: Partial Integrity Impact: None Availability Impact: None

References for CVE-2002-2077

http://www.bindview.com/Services/razor/Advisories/2002/adv_dcom.cfm

Patch;Vendor Advisory
http://support.microsoft.com/default.aspx?scid=kb;EN-US;q300367

Patch
http://www.iss.net/security_center/static/8739.php

Patch
http://www.securityfocus.com/bid/4410

Patch

Products affected by CVE-2002-2077

Microsoft » Windows 2000 » Update SP1
cpe:2.3:o:microsoft:windows_2000:*:sp1:*:*:*:*:*:*
Matching versions
Microsoft » Windows 2000
cpe:2.3:o:microsoft:windows_2000:*:*:*:*:*:*:*:*
Matching versions
Microsoft » Windows 2000 » Update SP2
cpe:2.3:o:microsoft:windows_2000:*:sp2:*:*:*:*:*:*
Matching versions

Vulnerability Details : CVE-2002-2077

Exploit prediction scoring system (EPSS) score for CVE-2002-2077

CVSS scores for CVE-2002-2077

References for CVE-2002-2077

Products affected by CVE-2002-2077