CVE-2004-0284

Microsoft Internet Explorer 6.0, Outlook 2002, and Outlook 2003 allow remote attackers to cause a denial of service (CPU consumption), if "Do not save encrypted pages to disk" is disabled, via a web site or HTML e-mail that contains two null characters (%00) after the host name.

Published: Nov 23, 2004
Updated: Apr 13, 2023
CVE: CVE-2004-0284
Severity: Medium
Exploit:

CVSS v2:

Severity: Medium
Score: 5
AV:N/AC:L/Au:N/C:N/I:N/A:P

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
microsoft / ie	6.0-sp1	6.0-sp1.x
microsoft / outlook	2003	2003.x
microsoft / outlook	2002-sp2	2002-sp2.x
microsoft / outlook	2002-sp1	2002-sp1.x
microsoft / outlook	2002	2002.x
microsoft / internet_explorer	6.0	6.0.x

http://marc.info/?l=bugtraq&m=107643134712133&w=2
http://www.securityfocus.com/bid/9629
https://exchange.xforce.ibmcloud.com/vulnerabilities/15127

Vulnerability Database

CVE-2004-0284

Deep Security Visibility Without the Complexity