CVE-2000-1218

The default configuration for the domain name resolver for Microsoft Windows 98, NT 4.0, 2000, and XP sets the QueryIpMatching parameter to 0, which causes Windows to accept DNS updates from hosts that it did not query, which allows remote attackers to poison the DNS cache.

CVSS v3 9.8 CRITICAL
CVSS v2.0 7.5 HIGH

9.8^/10

CVSS v3 : CRITICAL

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

7.5^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://www.kb.cert.org/vuls/id/458659	Third Party Advisory US Government Resource
https://exchange.xforce.ibmcloud.com/vulnerabilities/4280	Third Party Advisory VDB Entry

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:microsoft:windows_2000:-:::::::*
	cpe:2.3:o:microsoft:windows_98:-:::::::*
	cpe:2.3:o:microsoft:windows_98se:-:::::::*
	cpe:2.3:o:microsoft:windows_nt:4.0:::::::*
	cpe:2.3:o:microsoft:windows_xp:-:::::::*

History

08 Feb 2024, 20:47

Type	Values Removed	Values Added
CPE	cpe:2.3:o:microsoft:windows_2000::sp3::::::* cpe:2.3:o:microsoft:windows_nt:4.0:sp2:alpha:::::* cpe:2.3:o:microsoft:windows_2000::sp1::::::* cpe:2.3:o:microsoft:windows_nt:4.0:sp1:::::: cpe:2.3:o:microsoft:windows_nt:4.0:sp6:::::: cpe:2.3:o:microsoft:windows_nt:4.0:sp3:alpha:::::* cpe:2.3:o:microsoft:windows_nt:4.0:sp5:alpha:::::* cpe:2.3:o:microsoft:windows_nt:4.0::alpha::::: cpe:2.3:o:microsoft:windows_nt:4.0:sp4:alpha:::::* cpe:2.3:o:microsoft:windows_xp::gold:professional::::: cpe:2.3:o:microsoft:windows_nt:4.0:sp6a:alpha:::::* cpe:2.3:o:microsoft:windows_xp::sp2:home::::: cpe:2.3:o:microsoft:windows_xp::sp2:media_center::::: cpe:2.3:o:microsoft:windows_98se:::::::: cpe:2.3:o:microsoft:windows_98::gold::::::* cpe:2.3:o:microsoft:windows_nt:4.0:sp1:alpha:::::* cpe:2.3:o:microsoft:windows_nt:4.0:sp3:::::: cpe:2.3:o:microsoft:windows_xp:::home:::::* cpe:2.3:o:microsoft:windows_nt:4.0:sp2:::::: cpe:2.3:o:microsoft:windows_nt:4.0:sp4:::::: cpe:2.3:o:microsoft:windows_nt:4.0:sp5:::::: cpe:2.3:o:microsoft:windows_2000::sp2::::::* cpe:2.3:o:microsoft:windows_xp::sp1:home::::: cpe:2.3:o:microsoft:windows_xp:::media_center:::::* cpe:2.3:o:microsoft:windows_nt:4.0:sp6a:::::: cpe:2.3:o:microsoft:windows_2000::sp4::::::* cpe:2.3:o:microsoft:windows_nt:4.0:sp6:alpha:::::* cpe:2.3:o:microsoft:windows_2000:::::::: cpe:2.3:o:microsoft:windows_xp::sp1:media_center:::::	cpe:2.3:o:microsoft:windows_98:-:::::::* cpe:2.3:o:microsoft:windows_98se:-:::::::* cpe:2.3:o:microsoft:windows_xp:-:::::::* cpe:2.3:o:microsoft:windows_2000:-:::::::*
References	~~() http://www.kb.cert.org/vuls/id/458659 - US Government Resource~~	() http://www.kb.cert.org/vuls/id/458659 - Third Party Advisory, US Government Resource
References	~~() https://exchange.xforce.ibmcloud.com/vulnerabilities/4280 -~~	() https://exchange.xforce.ibmcloud.com/vulnerabilities/4280 - Third Party Advisory, VDB Entry
CWE	~~NVD-CWE-Other~~	CWE-346
CVSS	v2 : ~~7.5~~ v3 : ~~unknown~~	v2 : 7.5 v3 : 9.8

Information

Published : 2000-04-14 04:00

Updated : 2024-02-08 20:47

NVD link : CVE-2000-1218

Mitre link : CVE-2000-1218

CVE.ORG link : CVE-2000-1218

JSON object : View

Products Affected

microsoft

windows_98se
windows_2000
windows_nt
windows_xp
windows_98

CWE

CWE-346

Origin Validation Error

9.8 /10