cbcvebase.
CVE-2006-0988
published 2006-03-03

CVE-2006-0988: The default configuration of the DNS Server service on Windows Server 2003 and Windows 2000, and the Microsoft DNS Server service on Windows NT 4.0, allows…

PriorityP343high7.8CVSS 2.0
AVNACLAuNCNINAC
EXPLOIT
EPSS
54.79%
98.9th percentile
The default configuration of the DNS Server service on Windows Server 2003 and Windows 2000, and the Microsoft DNS Server service on Windows NT 4.0, allows recursive queries and provides additional delegation information to arbitrary IP addresses, which allows remote attackers to cause a denial of service (traffic amplification) via DNS queries with spoofed source IP addresses.

Affected

2 ranges
VendorProductVersion rangeFixed in
microsoftwindows_2003_server
microsoftwindows_nt

Detection & IOCsextracted from sources · hover to see the quote

  • Target DNS servers that allow recursive queries from arbitrary IP addresses — a key enabler of the amplification attack described in CVE-2006-0988.
  • Scan for DNS servers exposing recursive name lookups, as used in amplification attacks against third parties.
  • ·Affected platforms include Windows Server 2003, Windows 2000 (DNS Server service default config), and Windows NT 4.0 (Microsoft DNS Server service) — all with recursive queries enabled by default.
  • ·The attack vector relies on spoofed source IP addresses in DNS queries to redirect amplified traffic at victims — standard source IP validation (BCP38) would mitigate abuse.
CVEs like this are exactly what “Exploited This Week” covers.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.