Skip to content
Saturday, December 6, 2025
Critical Published: Apr 14, 2000 Modified: Apr 03, 2025

CVE-2000-1218

9.8 CVSS SCORE
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Share:

Description

The default configuration for the domain name resolver for Microsoft Windows 98, NT 4.0, 2000, and XP sets the QueryIpMatching parameter to 0, which causes Windows to accept DNS updates from hosts that it did not query, which allows remote attackers to poison the DNS cache.

CVSS Vector Details

Attack Vector Network
Attack Complexity Low
Privileges Required None
User Interaction None
Scope Unchanged
Confidentiality High
Integrity High
Availability High

Affected Software Configurations

  • o microsoft windows_2000 - * * * * * * *
  • o microsoft windows_98 - * * * * * * *
  • o microsoft windows_98se - * * * * * * *
  • o microsoft windows_nt 4.0 * * * * * * *
  • o microsoft windows_xp - * * * * * * *

Weaknesses (CWE)

  • CWE-346

References & External Links

External Resources

NVD Official Record Exploit-DB Search Exploits CVE Details Statistics GitHub PoC / Tools X / Twitter Discussions Google Search More
← Back to CVE Tracker