Exploitation Summary
EIP tracks 1 public exploit for CVE-2001-0664. PoCs published by kikkert security.
AI-analyzed exploit summary This is a writeup describing a vulnerability in Microsoft Internet Explorer where converting an IP address to a dotless DWORD format and using URL encoding for the '@' symbol can bypass zone security settings, allowing a site to be treated as Local Intranet instead of Internet Zone.
Description
Internet Explorer 5.5 and 5.01 allows remote attackers to bypass security restrictions via malformed URLs that contain dotless IP addresses, which causes Internet Explorer to process the page in the Intranet Zone, which may have fewer security restrictions, aka the "Zone Spoofing vulnerability."
Exploits (1)
This is a writeup describing a vulnerability in Microsoft Internet Explorer where converting an IP address to a dotless DWORD format and using URL encoding for the '@' symbol can bypass zone security settings, allowing a site to be treated as Local Intranet instead of Internet Zone.