Last Modified: April 30, 2019
The DCOM client in Windows 2000 before SP3 does not properly clear memory before sending an "alter context" request, which may allow remote attackers to obtain sensitive information by sniffing the session.
Access Vector: Network
Access Complexity: Low
Authentication: None
Confidentiality Impact: Partial
Integrity Impact: None
Availability Impact: None
Base Score: 5.0
Exploitability Score: 10.0
Impact Score: 2.9
CVSS V2: AV:N/AC:L/Au:N/C:P/I:N/A:N
NVD-CWE-Other
| Condition | Configuration | |
|---|---|---|
| OR | ||
| OR | ||
| cpe:2.3:o:microsoft:windows_2000:*:*:*:*:*:*:*:* Part: o Vendor: microsoft | Alle Schwachstellen für microsoft | |
| cpe:2.3:o:microsoft:windows_2000:*:sp2:*:*:*:*:*:* Part: o Vendor: microsoft | Alle Schwachstellen für microsoft | |
| cpe:2.3:o:microsoft:windows_2000:*:sp1:*:*:*:*:*:* Part: o Vendor: microsoft | Alle Schwachstellen für microsoft | |
<?xml version="1.0" ?>
<set operator="and">
<set operator="or">
<prop key="operating_system" value="cpe:2.3:o:microsoft:windows_2000:*:*:*:*:*:*:*:*"/>
<prop key="operating_system" value="cpe:2.3:o:microsoft:windows_2000:*:sp2:*:*:*:*:*:*"/>
<prop key="operating_system" value="cpe:2.3:o:microsoft:windows_2000:*:sp1:*:*:*:*:*:*"/>
</set>
<prop key="program_influence" value="input"/>
<prop key="range" value="remote"/>
</set>
<?xml version="1.0" ?>
<set operator="and">
<set operator="or">
<prop key="operating_system" value="cpe:2.3:o:microsoft:windows_2000:*:*:*:*:*:*:*:*"/>
<prop key="operating_system" value="cpe:2.3:o:microsoft:windows_2000:*:sp2:*:*:*:*:*:*"/>
<prop key="operating_system" value="cpe:2.3:o:microsoft:windows_2000:*:sp1:*:*:*:*:*:*"/>
</set>
<prop key="program_influence" value="input"/>
<prop key="data" value="any"/>
<prop key="data_influence" value="read"/>
<prop key="range" value="remote"/>
</set>