CVE-2000-1218 - CVE Details

Description

The default configuration for the domain name resolver for Microsoft Windows 98, NT 4.0, 2000, and XP sets the QueryIpMatching parameter to 0, which causes Windows to accept DNS updates from hosts that it did not query, which allows remote attackers to poison the DNS cache.

Severity

Overall Severity: CRITICAL

CVSS Metrics

Type	Score	Severity	Vector
CVSS v3.1	9.8	CRITICAL	`CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H`

Affected Products

microsoft - windows_2000

Affected Versions:

microsoft - windows_98

Affected Versions:

microsoft - windows_98se

Affected Versions:

microsoft - windows_nt

Affected Versions:

microsoft - windows_xp

Affected Versions:

References

http://www.kb.cert.org/vuls/id/458659
Third Party AdvisoryUS Government Resource
https://exchange.xforce.ibmcloud.com/vulnerabilities/4280
Third Party AdvisoryVDB Entry
http://www.kb.cert.org/vuls/id/458659
Third Party AdvisoryUS Government Resource
https://exchange.xforce.ibmcloud.com/vulnerabilities/4280
Third Party AdvisoryVDB Entry