CVE-2000-1218

CVSS 3.1 Score 9.8 of 10 (high)

Details

Published Apr 14, 2000
Updated: Feb 8, 2024
CWE ID 346

Summary

CVE-2000-1218 is a vulnerability affecting Microsoft Windows 98, NT 4.0, 2000, and XP. The issue lies in the default configuration of the domain name resolver, which sets the QueryIpMatching parameter to 0. This misconfiguration allows remote attackers to poison a system's DNS cache by sending malicious updates to the Windows resolver, even if the system did not initiate a query from the attacking host. This can lead to redirecting users to malicious websites, intercepting communication, or launching further attacks.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share

Affected Products

  • Microsoft Windows NT
  • Microsoft Windows XP
  • Microsoft Windows 2000
  • Microsoft Windows 98 Plus Pack

Affected Vendors

  • Microsoft