Internet Explorer 4 treats a 32-bit number ("dotless IP address") in the a URL as the hostname instead of an IP address, which causes IE to apply Local Intranet Zone settings to the resulting web page, allowing remote malicious web servers to conduct unauthorized activities by using URLs that contain the dotless IP address for their server.
References
Configurations
Configuration 1 (hide)
|
History
20 Nov 2024, 23:30
Type | Values Removed | Values Added |
---|---|---|
References | () http://support.microsoft.com/support/kb/articles/q168/6/17.asp - Patch, Vendor Advisory | |
References | () http://www.microsoft.com/Windows/Ie/security/dotless.asp - | |
References | () http://www.osvdb.org/7828 - | |
References | () https://docs.microsoft.com/en-us/security-updates/securitybulletins/1998/ms98-016 - | |
References | () https://exchange.xforce.ibmcloud.com/vulnerabilities/2209 - |
Information
Published : 1999-12-31 05:00
Updated : 2024-11-20 23:30
NVD link : CVE-1999-1087
Mitre link : CVE-1999-1087
CVE.ORG link : CVE-1999-1087
JSON object : View
Products Affected
microsoft
- internet_explorer
CWE