CVE-2000-1218
CVSS 3.1 Score 9.8 of 10 (high)
Details
Published Apr 14, 2000
Updated: Feb 8, 2024
CWE ID 346
Summary
CVE-2000-1218 is a vulnerability affecting Microsoft Windows 98, NT 4.0, 2000, and XP. The issue lies in the default configuration of the domain name resolver, which sets the QueryIpMatching parameter to 0. This misconfiguration allows remote attackers to poison a system's DNS cache by sending malicious updates to the Windows resolver, even if the system did not initiate a query from the attacking host. This can lead to redirecting users to malicious websites, intercepting communication, or launching further attacks.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.
Share
Affected Products
- Microsoft Windows NT
- Microsoft Windows XP
- Microsoft Windows 2000
- Microsoft Windows 98 Plus Pack
Affected Vendors
- Microsoft