Microsoft Internet Explorer 6.0, Outlook 2002, and Outlook 2003 allow remote attackers to cause a denial of service (CPU consumption), if "Do not save encrypted pages to disk" is disabled, via a web site or HTML e-mail that contains two null characters (%00) after the host name.
Software | From | Fixed in |
---|---|---|
microsoft / internet_explorer | 6.0 | 6.0.x |
microsoft / outlook | 2002 | 2002.x |
microsoft / outlook | 2002-sp1 | 2002-sp1.x |
microsoft / outlook | 2002-sp2 | 2002-sp2.x |
microsoft / outlook | 2003 | 2003.x |
microsoft / ie | 6.0-sp1 | 6.0-sp1.x |