Vulnerabilities > CVE-2001-0664 - Unspecified vulnerability in Microsoft Internet Explorer 5.01/5.5
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
Internet Explorer 5.5 and 5.01 allows remote attackers to bypass security restrictions via malformed URLs that contain dotless IP addresses, which causes Internet Explorer to process the page in the Intranet Zone, which may have fewer security restrictions, aka the "Zone Spoofing vulnerability."
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 2 |
Exploit-Db
| description | Microsoft Internet Explorer 5 Zone Spoofing Vulnerability. CVE-2001-0664. Remote exploit for windows platform |
| id | EDB-ID:21118 |
| last seen | 2016-02-02 |
| modified | 2001-10-10 |
| published | 2001-10-10 |
| reporter | kikkert security |
| source | https://www.exploit-db.com/download/21118/ |
| title | Microsoft Internet Explorer 5 Zone Spoofing Vulnerability |
Seebug
| bulletinFamily | exploit |
| description | CVE CAN ID : CAN-2001-0664 Microsoft Internet Explorer的安全性依赖于不同的安全区域,即局域网和广域网区 域,这些安全区域可以有关于脚本和ActiveX控件执行的不同安全设置,很多个人和企 业用户都是依赖这些区域来定制对ActiveX控件的执行的。一般来说,局域网的安全级 别比较低,而广域网就比较高。 发现Microsoft Internet Explorer存在安全缺陷,如果使用数字形式的IP地址表示方法(不包含'.'),我们就可能绕过这些区域,欺骗浏览器相信我们是在局域网中,这就可能导致一些本来 不允许执行的脚本或ActiveX控件得到执行。 利用这个漏洞,恶意站点管理员可能在浏览其站点的机器上读取文件,放置木马或者是 修改数据,这取决于局域网的安全设置。 Microsoft Internet Explorer 5.01 Microsoft Internet Explorer 5.5 厂商补丁: 微软已经为此发布了一个安全公告(MS01-051)以及相应补丁程序: <a href=http://www.microsoft.com/technet/security/bulletin/MS01-051.asp target=_blank>http://www.microsoft.com/technet/security/bulletin/MS01-051.asp</a> 补丁下载: 补丁下载: <a href=http://www.microsoft.com/windows/ie/downloads/critical/q306121/default.asp target=_blank>http://www.microsoft.com/windows/ie/downloads/critical/q306121/default.asp</a> 注: IE 5.01补丁可被安装在使用IE 5.01 Service Pack 2的系统中。 IE 5.5补丁可被安装在使用IE 5.5 Service Pack 2的系统中。 |
| id | SSV:3640 |
| last seen | 2017-11-19 |
| modified | 2008-07-16 |
| published | 2008-07-16 |
| reporter | Root |
| source | https://www.seebug.org/vuldb/ssvid-3640 |
| title | Microsoft IE 浏览器数字IP地址区域欺骗漏洞(MS01-051) |