4.0.1

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

network

low complexity

microsoft

NVD

Published: 1999-12-31

Updated: 2021-07-22

Summary

Internet Explorer 4 treats a 32-bit number ("dotless IP address") in the a URL as the hostname instead of an IP address, which causes IE to apply Local Intranet Zone settings to the resulting web page, allowing remote malicious web servers to conduct unauthorized activities by using URLs that contain the dotless IP address for their server.

Vulnerable Configurations

Part	Description	Count
Application	Microsoft Microsoft Internet Explorer 4.0 Microsoft Internet Explorer 4.0.1	3

References

http://support.microsoft.com/support/kb/articles/q168/6/17.asp
http://www.microsoft.com/Windows/Ie/security/dotless.asp
http://www.osvdb.org/7828
https://exchange.xforce.ibmcloud.com/vulnerabilities/2209
https://docs.microsoft.com/en-us/security-updates/securitybulletins/1998/ms98-016