Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2000-1218

The default configuration for the domain name resolver for Microsoft Windows 98, NT 4.0, 2000, and XP sets the QueryIpMatching parameter to 0, which causes Windows to accept DNS updates from hosts that it did not query, which allows remote attackers to poison the DNS cache.

Published

2000-04-14T04:00:00.000

Last Modified

2025-04-03T01:03:51.193

Status

Deferred

Source

[email protected]

Severity

CVSSv3.1: 9.8 (CRITICAL)

CVSSv2 Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL

Exploitability Score

10.0

Impact Score

6.4

Weaknesses

Type: Primary
CWE-346

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	microsoft	windows_2000	-	Yes
Operating System	microsoft	windows_98	-	Yes
Operating System	microsoft	windows_98se	-	Yes
Operating System	microsoft	windows_nt	4.0	Yes
Operating System	microsoft	windows_xp	-	Yes

References

http://www.kb.cert.org/vuls/id/458659 Third Party Advisory, US Government Resource ([email protected])
https://exchange.xforce.ibmcloud.com/vulnerabilities/4280 Third Party Advisory, VDB Entry ([email protected])
http://www.kb.cert.org/vuls/id/458659 Third Party Advisory, US Government Resource (af854a3a-2127-422b-91ae-364da2661108)
https://exchange.xforce.ibmcloud.com/vulnerabilities/4280 Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)