CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2000-1218

The default configuration for the domain name resolver for Microsoft Windows 98, NT 4.0, 2000, and XP sets the QueryIpMatching parameter to 0, which causes Windows to accept DNS updates from hosts that it did not query, which allows remote attackers to poison the DNS cache.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.022

EPSS Ranking 83.8%

CVSS Severity

CVSS v3 Score 9.8

CVSS v2 Score 7.5

References

http://www.kb.cert.org/vuls/id/458659
https://exchange.xforce.ibmcloud.com/vulnerabilities/4280
http://www.kb.cert.org/vuls/id/458659
https://exchange.xforce.ibmcloud.com/vulnerabilities/4280

Products affected by CVE-2000-1218

Microsoft » Windows 2000 » Version: N/A

cpe:2.3:o:microsoft:windows_2000:-
Microsoft » Windows 98 » Version: N/A

cpe:2.3:o:microsoft:windows_98:-
Microsoft » Windows 98se » Version: N/A

cpe:2.3:o:microsoft:windows_98se:-
Microsoft » Windows Nt » Version: 4.0

cpe:2.3:o:microsoft:windows_nt:4.0
Microsoft » Windows Xp » Version: N/A

cpe:2.3:o:microsoft:windows_xp:-

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2000-1218

Products

Pricing

Contact Us