CVE DATABASE / CVE-2000-1218

CVE-2000-1218

CVSS 9.8 · CRITICAL

Summary

The default configuration for the domain name resolver for Microsoft Windows 98, NT 4.0, 2000, and XP sets the QueryIpMatching parameter to 0, which causes Windows to accept DNS updates from hosts that it did not query, which allows remote attackers to poison the DNS cache.

CVSS 3.1 breakdown

Base score	9.8 (CRITICAL)
Vector	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack vector	NETWORK
Attack complexity	LOW
Privileges required	NONE
User interaction	NONE
Scope	UNCHANGED
Confidentiality	HIGH
Integrity	HIGH
Availability	HIGH

Weakness type (CWE)

CWE-346

Affected products

Microsoft windows 2000Microsoft windows 98Microsoft windows 98seMicrosoft windows ntMicrosoft windows xp

Check this CVE live

Use our free CVE Lookup tool for the latest NVD record, or browse the full CISA KEV catalog.

References

http://www.kb.cert.org/vuls/id/458659
https://exchange.xforce.ibmcloud.com/vulnerabilities/4280

Data: NIST NVD. NVD last modified 2026-04-16. Always verify against the vendor advisory before acting.