VULHUB ™

Microsoft Distributed Component Object Model (DCOM) can be used to support COM communication. A vulnerability has been reported with the DCOM client included with Windows 2000. Under some circumstances, when the DCOM client sends a request, uninitialized memory is included in the transmitted data. This data is normally ignored by the server, having no impact on application performance. However, the data may include uninitialized areas of server memory, and lead to the disclosure of sensitive information. At this time, the memory data disclosed is believed to be essentially random. An attacker must, at best, hope that sensitive information will be included in the client message by chance.

Microsoft Distributed Component Object Model (DCOM) can be used to support COM communication. A vulnerability has been reported with the DCOM client included with Windows 2000. Under some circumstances, when the DCOM client sends a request, uninitialized memory is included in the transmitted data. This data is normally ignored by the server, having no impact on application performance. However, the data may include uninitialized areas of server memory, and lead to the disclosure of sensitive information. At this time, the memory data disclosed is believed to be essentially random. An attacker must, at best, hope that sensitive information will be included in the client message by chance.