CVE-1999-1087

Published: Dec 31, 1999Modified: Apr 16, 2026

7.5

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability: 10.0 / Impact: 6.4

Source: NVD

Description

Internet Explorer 4 treats a 32-bit number ("dotless IP address") in the a URL as the hostname instead of an IP address, which causes IE to apply Local Intranet Zone settings to the resulting web page, allowing remote malicious web servers to conduct unauthorized activities by using URLs that contain the dotless IP address for their server.

Affected (3)

Products: Microsoft: Internet Explorer

1 product

Internet Explorer

Configuration A

3 vulnerable

Vulnerable Software	Affected Versions
Microsoft Internet Explorer	Version 4.0.1
Microsoft Internet Explorer	Version 4.0.1 sp1
Microsoft Internet Explorer	Version 4.0

References (10)

http://support.microsoft.com/support/kb/articles/q168/6/17.asp

Source: cve@mitre.org

PatchVendor Advisory

http://www.microsoft.com/Windows/Ie/security/dotless.asp

Source: cve@mitre.org

http://www.osvdb.org/7828

Source: cve@mitre.org

https://docs.microsoft.com/en-us/security-updates/securitybulletins/1998/ms98-016

Source: cve@mitre.org

https://exchange.xforce.ibmcloud.com/vulnerabilities/2209

Source: cve@mitre.org

http://support.microsoft.com/support/kb/articles/q168/6/17.asp

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

http://www.microsoft.com/Windows/Ie/security/dotless.asp

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.osvdb.org/7828

Source: af854a3a-2127-422b-91ae-364da2661108

https://docs.microsoft.com/en-us/security-updates/securitybulletins/1998/ms98-016

Source: af854a3a-2127-422b-91ae-364da2661108

https://exchange.xforce.ibmcloud.com/vulnerabilities/2209

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.