Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-1999-1087

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-1999-1087
Last Modified 05 Sep 2008 04:18:41
Published 31 Dec 1999 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-1999-1087

Summary

Internet Explorer 4 treats a 32-bit number ("dotless IP address") in the a URL as the hostname instead of an IP address, which causes IE to apply Local Intranet Zone settings to the resulting web page, allowing remote malicious web servers to conduct unauthorized activities by using URLs that contain the dotless IP address for their server.

Vulnerable Systems

Application

  • Microsoft Ie 4.0

  • Microsoft Ie 4.0.1


References

XF - ie-dotless(2209)

MS - MS98-016

MSKB - Q168617

CONFIRM - http://www.microsoft.com/Windows/Ie/security/dotless.asp

OSVDB - 7828


Last Updated: 27 May 2016 10:35:16