Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2001-0664

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2001-0664
Last Modified 05 Sep 2008 04:24:38
Published 30 Oct 2001 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2001-0664

Summary

Internet Explorer 5.5 and 5.01 allows remote attackers to bypass security restrictions via malformed URLs that contain dotless IP addresses, which causes Internet Explorer to process the page in the Intranet Zone, which may have fewer security restrictions, aka the "Zone Spoofing vulnerability."

Vulnerable Systems

Application

  • Microsoft Ie 5.01

  • Microsoft Ie 5.5


References

MS - MS01-051

XF - ie-incorrect-security-zone(7258)

BID - 3420

OSVDB - 1971

MISC - http://morph3us.org/blog/?p=31

BUGTRAQ - 20011011 Serious security Flaw in Microsoft Internet Explorer - Zone Spoofing


Last Updated: 27 May 2016 10:36:21