CVE-2000-1218Origin Validation Error in Microsoft Windows NT

CWE-346Origin Validation Error3 documents3 sources
Severity
9.8CRITICALNVD
EPSS
2.2%
top 15.48%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Microsoft Windows NT
Timeline
PublishedApr 14
Latest updateApr 30

Description

The default configuration for the domain name resolver for Microsoft Windows 98, NT 4.0, 2000, and XP sets the QueryIpMatching parameter to 0, which causes Windows to accept DNS updates from hosts that it did not query, which allows remote attackers to poison the DNS cache.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages1 packages

🔴Vulnerability Details

2
GHSA
GHSA-wwpq-hgfx-qq8x: The default configuration for the domain name resolver for Microsoft Windows 98, NT 42022-04-30
CVEList
CVE-2000-1218: The default configuration for the domain name resolver for Microsoft Windows 98, NT 42005-04-21
CVE-2000-1218 — Origin Validation Error in Microsoft | cvebase