Back

CVE-1999-0909

Multihomed Windows systems allow a remote attacker to bypass IP source routing restrictions via a malformed packet with IP options, aka the "Spoofed Route Pointer" vulnerability.

Published: Sep 20, 1999 Modified: Apr 16, 2026

CWE-264

CVSS Metrics

Affected Products (10)

Vendor	Product	Version
microsoft	terminal_server	*
microsoft	windows_95	0a
microsoft	windows_95	0b
microsoft	windows_98se	*
microsoft	windows_nt	4.0
microsoft	windows_nt	4.0
microsoft	windows_nt	4.0
microsoft	windows_nt	4.0
microsoft	windows_nt	4.0
microsoft	windows_nt	4.0

GitHub Security Advisory GHSA-wrg2-pxvh-4rg2

Multihomed Windows systems allow a remote attacker to bypass IP source routing restrictions via a...

References (6)

http://support.microsoft.com/default.aspx?scid=kb%3B%5BLN%5D%3BQ238453
http://www.securityfocus.com/bid/646
https://docs.microsoft.com/en-us/security-updates/securitybulletins/1999/ms99-038
http://support.microsoft.com/default.aspx?scid=kb%3B%5BLN%5D%3BQ238453
http://www.securityfocus.com/bid/646
https://docs.microsoft.com/en-us/security-updates/securitybulletins/1999/ms99-038

Risk Scores

CVSS Score 7.5 / 10

EPSS Score 4.28%

Top 11% most likely to be exploited

Threat Score 31.3 / 100

Data Sources

NVD EPSS GitHub