CVE-2000-1218
— CWE-346
- CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- Published: 2000-04-14T04:00:00.000
- Last modified: 2025-04-03T01:03:51.193
- CWE: CWE-346
CVE-2000-1218 — The default configuration for the domain name resolver for Microsoft Windows 98, NT 4.0, 2000, and XP sets the QueryIpMatching parameter to 0, which causes Windows to accept DNS updates from hosts that it did not query, which allows remote attackers to poison the DNS cache. [Severity (CVSS) 9.8 · Weakness: CWE-346]
Related CVE by CWE
No related CWE found.
Top CVE for Vendor
No vendor taxonomy on this entry.
Recently Exploited Similar Vulnerabilities
No recent KEV-listed items for this vendor/product.
The default configuration for the domain name resolver for Microsoft Windows 98, NT 4.0, 2000, and XP sets the QueryIpMatching parameter to 0, which causes Windows to accept DNS updates from hosts that it did not query, which allows remote attackers to poison the DNS cache.
🧠 Explainer: What this vulnerability means
Summary: the product from the vendor is impacted (CWE: unspecified).
Impact: Attackers could gain unauthorized access, execute code, or disrupt services.
Mitigation: Prioritize patching and consider temporary workarounds documented by the vendor.
No vendor/product data yet.
- http://www.kb.cert.org/vuls/id/458659 [Third Party Advisory, US Government Resource]
- https://exchange.xforce.ibmcloud.com/vulnerabilities/4280 [Third Party Advisory, VDB Entry]
- http://www.kb.cert.org/vuls/id/458659 [Third Party Advisory, US Government Resource]
- https://exchange.xforce.ibmcloud.com/vulnerabilities/4280 [Third Party Advisory, VDB Entry]
No explicit mitigation/advisory links found in references.