[原文]Internet Explorer 4 treats a 32-bit number ("dotless IP address") in the a URL as the hostname instead of an IP address, which causes IE to apply Local Intranet Zone settings to the resulting web page, allowing remote malicious web servers to conduct unauthorized activities by using URLs that contain the dotless IP address for their server.
Microsoft IE Dotless IP Address Zone Privilege Escalation
Remote / Network Access
Loss of Integrity
Microsoft Internet Explorer contains a flaw related to the way dotless IP addresses are handled with respect to their security zone. This flaw may allow an attacker to have Internet Explorer interpret a site of the Internet security zone as a site of the Intranet security zone and therefore execute in a context of lower security.
Microsoft has released a patch to address this issue. Additionally, it is possible to correct the flaw by implementing the following workaround(s):
increase the security settings of the Intranet security zone to match the security settings of the Internet security zone.