CVE-2002-2077
First published: Tue Dec 31 2002(Updated: )
The DCOM client in Windows 2000 before SP3 does not properly clear memory before sending an "alter context" request, which may allow remote attackers to obtain sensitive information by sniffing the session.
Credit: cve@mitre.org cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Microsoft Windows 2000 | ||
| Microsoft Windows 2000 | =sp2 | |
| Microsoft Windows 2000 | =sp1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2002-2077?
CVE-2002-2077 is considered a medium severity vulnerability due to the potential for sensitive information leakage.
How do I fix CVE-2002-2077?
To fix CVE-2002-2077, upgrade to Windows 2000 Service Pack 3 or later.
What versions of Windows are affected by CVE-2002-2077?
CVE-2002-2077 affects Windows 2000 and its Service Packs 1 and 2.
What kind of attack does CVE-2002-2077 facilitate?
CVE-2002-2077 allows remote attackers to sniff session data and potentially obtain sensitive information.
Is there a workaround for CVE-2002-2077?
The primary mitigation for CVE-2002-2077 is to upgrade the system, as there are no effective workarounds.
- collector/nvd-historical
- collector/nvd-index
- collector/nvd-api
- agent/author
- agent/type
- agent/first-publish-date
- agent/softwarecombine
- agent/remedy
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/severity
- agent/references
- agent/last-modified-date
- agent/description
- agent/tags
- agent/event
- agent/source
- vendor/microsoft
- canonical/microsoft windows 2000
- version/microsoft windows 2000/sp2
- version/microsoft windows 2000/sp1