CVE-1999-1087

Internet Explorer 4 treats a 32-bit number ("dotless IP address") in the a URL as the hostname instead of an IP address, which causes IE to apply Local Intranet Zone settings to the resulting web page, allowing remote malicious web servers to conduct unauthorized activities by using URLs that contain the dotless IP address for their server.

Published: Dec 31, 1999
Updated: Apr 13, 2023
CVE: CVE-1999-1087
Severity: High
Exploit:

CVSS v2:

Severity: High
Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
microsoft / internet_explorer	4.0	4.0.x
microsoft / internet_explorer	4.0.1	4.0.1.x
microsoft / internet_explorer	4.0.1-sp1	4.0.1-sp1.x

http://support.microsoft.com/support/kb/articles/q168/6/17.asp
http://www.microsoft.com/Windows/Ie/security/dotless.asp
http://www.osvdb.org/7828
https://docs.microsoft.com/en-us/security-updates/securitybulletins/1998/ms98-016
https://exchange.xforce.ibmcloud.com/vulnerabilities/2209

Vulnerability Database

289,599

CVE-1999-1087