CVE-2001-1452

HIGH

Windows NT 4.0/2000 - Info Disclosure

Title source: llm

Description

By default, DNS servers on Windows NT 4.0 and Windows 2000 Server cache glue records received from non-delegated name servers, which allows remote attackers to poison the DNS cache via spoofed DNS responses.

References (4)

[Broken Link, Patch, Vendor Advisory] http://support.microsoft.com/default.aspx?scid=KB%3Ben-us%3Bq241352

[Third Party Advisory, US Government Resource] http://www.kb.cert.org/vuls/id/109475

[Broken Link, Third Party Advisory, VDB Entry, Vendor Advisory] http://www.securityfocus.com/bid/6791

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/3675

Scores

CVSS v3 7.5

EPSS 0.0403

EPSS Percentile 88.3%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Classification

CWE

CWE-346

Status draft

Affected Products (2)

microsoft/windows_2000

microsoft/windows_nt

Timeline

Published Aug 31, 2001

Tracked Since Feb 18, 2026