[原文]Internet Explorer 5.5 allows remote attackers to bypass security restrictions via malformed URLs that contain dotless IP addresses, which causes Internet Explorer to process the page in the Intranet Zone, which may have fewer security restrictions, aka the "Zone Spoofing Vulnerability variant" of CVE-2001-0664.
Microsoft Internet Explorer contains a flaw related to the way dotless IP addresses are classified with respect to their security zone. This flaw may allow an attacker to have Internet Explorer interpret an site of the Internet security zone as a site of the Intranet security zone and therefore execute in a context of lower security.
Microsoft has released a patch to address this issue. Additionally, it is possible to correct the flaw by implementing the following workaround(s):
increase the security settings of the Intranet security zone to match the security settings of the Internet security zone.