Description
The default configuration for the domain name resolver for Microsoft Windows 98, NT 4.0, 2000, and XP sets the QueryIpMatching parameter to 0, which causes Windows to accept DNS updates from hosts that it did not query, which allows remote attackers to poison the DNS cache.
References (2)
Core 2
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/4280
Third Party Advisory, US Government Resource third-party-advisory
x_refsource_cert-vn
http://www.kb.cert.org/vuls/id/458659
Scores
CVSS v3
9.8
EPSS
0.0609
EPSS Percentile
92.5%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-346
Status
published
Products (5)
microsoft/windows_2000
microsoft/windows_98
microsoft/windows_98se
microsoft/windows_nt
4.0
microsoft/windows_xp
Published
Apr 14, 2000
Tracked Since
Feb 18, 2026