CVE-1999-1087 — Microsoft Internet Explorer vulnerability

3 documents3 sources

Severity

7.5HIGHNVD

EPSS

9.0%

top 7.34%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft Internet Explorer

Timeline

PublishedDec 31

Latest updateApr 20

Description

Internet Explorer 4 treats a 32-bit number ("dotless IP address") in the a URL as the hostname instead of an IP address, which causes IE to apply Local Intranet Zone settings to the resulting web page, allowing remote malicious web servers to conduct unauthorized activities by using URLs that contain the dotless IP address for their server.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages1 packages

▶NVDmicrosoft/internet_explorer4.0, 4.0.1+1

Patches

Patch: support.microsoft.com ↗Patch: support.microsoft.com ↗

🔴Vulnerability Details

VulDB

Microsoft Internet Explorer 4.0/4.0.1 Dotless IP Address URL privileges management (MS98-016 / XFDB-2209)↗2026-04-20

▶

GHSA

GHSA-9rv3-rxw8-xr7c: Internet Explorer 4 treats a 32-bit number ("dotless IP address") in the a URL as the hostname instead of an IP address, which causes IE to apply Loca↗2022-04-30

▶