CVE-2004-0284 — Microsoft IE vulnerability

3 documents3 sources

Severity

5.0MEDIUMNVD

EPSS

8.6%

top 7.55%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft IE Microsoft Internet Explorer Microsoft Outlook

Timeline

PublishedNov 23

Latest updateApr 29

Description

Microsoft Internet Explorer 6.0, Outlook 2002, and Outlook 2003 allow remote attackers to cause a denial of service (CPU consumption), if "Do not save encrypted pages to disk" is disabled, via a web site or HTML e-mail that contains two null characters (%00) after the host name.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9

Affected Packages3 packages

▶NVDmicrosoft/outlook2002, 2003+1

▶NVDmicrosoft/internet_explorer6.0

▶NVDmicrosoft/ie6.0

Patches

Patch: www.securityfocus.com ↗Patch: www.securityfocus.com ↗

🔴Vulnerability Details

GHSA

GHSA-f6cc-5mf4-hmhc: Microsoft Internet Explorer 6↗2022-04-29

▶

CVEList

CVE-2004-0284: Microsoft Internet Explorer 6↗2004-03-18

▶