The default configuration for the domain name resolver for Microsoft Windows 98, NT 4.0, 2000, and XP sets the QueryIpMatching parameter to 0, which causes Windows to accept DNS updates from hosts that it did not query, which allows remote attackers to poison the DNS cache.
References
Link | Resource |
---|---|
http://www.kb.cert.org/vuls/id/458659 | Third Party Advisory US Government Resource |
https://exchange.xforce.ibmcloud.com/vulnerabilities/4280 | Third Party Advisory VDB Entry |
Configurations
Configuration 1 (hide)
|
History
08 Feb 2024, 20:47
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : 7.5
v3 : 9.8 |
CWE | CWE-346 | |
References | (CERT-VN) http://www.kb.cert.org/vuls/id/458659 - Third Party Advisory, US Government Resource | |
References | (XF) https://exchange.xforce.ibmcloud.com/vulnerabilities/4280 - Third Party Advisory, VDB Entry | |
CPE | cpe:2.3:o:microsoft:windows_xp:*:*:media_center:*:*:*:*:* cpe:2.3:o:microsoft:windows_nt:4.0:sp3:*:*:*:*:*:* cpe:2.3:o:microsoft:windows_nt:4.0:sp2:*:*:*:*:*:* cpe:2.3:o:microsoft:windows_xp:*:sp2:media_center:*:*:*:*:* cpe:2.3:o:microsoft:windows_xp:*:sp1:media_center:*:*:*:*:* cpe:2.3:o:microsoft:windows_nt:4.0:sp5:*:*:*:*:*:* cpe:2.3:o:microsoft:windows_nt:4.0:sp1:alpha:*:*:*:*:* cpe:2.3:o:microsoft:windows_2000:*:sp4:*:*:*:*:*:* cpe:2.3:o:microsoft:windows_nt:4.0:sp3:alpha:*:*:*:*:* cpe:2.3:o:microsoft:windows_nt:4.0:sp4:alpha:*:*:*:*:* cpe:2.3:o:microsoft:windows_2000:*:sp1:*:*:*:*:*:* cpe:2.3:o:microsoft:windows_2000:*:sp3:*:*:*:*:*:* cpe:2.3:o:microsoft:windows_nt:4.0:sp4:*:*:*:*:*:* cpe:2.3:o:microsoft:windows_nt:4.0:sp2:alpha:*:*:*:*:* cpe:2.3:o:microsoft:windows_xp:*:sp2:home:*:*:*:*:* cpe:2.3:o:microsoft:windows_xp:*:sp1:home:*:*:*:*:* cpe:2.3:o:microsoft:windows_nt:4.0:*:alpha:*:*:*:*:* cpe:2.3:o:microsoft:windows_nt:4.0:sp6a:alpha:*:*:*:*:* cpe:2.3:o:microsoft:windows_98se:*:*:*:*:*:*:*:* cpe:2.3:o:microsoft:windows_nt:4.0:sp6:alpha:*:*:*:*:* cpe:2.3:o:microsoft:windows_98:*:gold:*:*:*:*:*:* cpe:2.3:o:microsoft:windows_nt:4.0:sp6a:*:*:*:*:*:* cpe:2.3:o:microsoft:windows_nt:4.0:sp5:alpha:*:*:*:*:* cpe:2.3:o:microsoft:windows_2000:*:sp2:*:*:*:*:*:* cpe:2.3:o:microsoft:windows_xp:*:*:home:*:*:*:*:* cpe:2.3:o:microsoft:windows_nt:4.0:sp1:*:*:*:*:*:* cpe:2.3:o:microsoft:windows_xp:*:gold:professional:*:*:*:*:* cpe:2.3:o:microsoft:windows_nt:4.0:sp6:*:*:*:*:*:* |
cpe:2.3:o:microsoft:windows_xp:-:*:*:*:*:*:*:* cpe:2.3:o:microsoft:windows_98:-:*:*:*:*:*:*:* cpe:2.3:o:microsoft:windows_2000:-:*:*:*:*:*:*:* cpe:2.3:o:microsoft:windows_98se:-:*:*:*:*:*:*:* |
Information
Published : 2000-04-14 04:00
Updated : 2024-02-28 10:24
NVD link : CVE-2000-1218
Mitre link : CVE-2000-1218
CVE.ORG link : CVE-2000-1218
JSON object : View
Products Affected
microsoft
- windows_xp
- windows_nt
- windows_98se
- windows_98
- windows_2000
CWE
CWE-346
Origin Validation Error