Microsoft Internet Explorer Double-Null URI Denial Of Service Vulnerability
BID:9629
Info
Microsoft Internet Explorer Double-Null URI Denial Of Service Vulnerability
Bugtraq ID:
9629
Class:
Design Error
CVE:
CVE-2004-0284
Remote:
Yes
Local:
No
Published:
Feb 10 2004 12:00AM
Updated:
Jul 12 2009 02:06AM
Credit:
Discovery credited to Sasa Kos.
Vulnerable:
Microsoft Outlook 2003 0
+
Microsoft Office 2003 SP3
+
Microsoft Office 2003 SP3
+
Microsoft Office 2003 SP2
+
Microsoft Office 2003 SP2
+
Microsoft Office 2003 SP1
+
Microsoft Office 2003 SP1
+
Microsoft Office 2003 0
+
Microsoft Office 2003 0
Microsoft Outlook 2002 SP2
+
Microsoft Office XP SP2
-
Microsoft Windows 2000 Professional SP3
-
Microsoft Windows 2000 Professional SP3
-
Microsoft Windows 2000 Professional SP2
-
Microsoft Windows 2000 Professional SP2
-
Microsoft Windows 2000 Professional SP1
-
Microsoft Windows 2000 Professional SP1
-
Microsoft Windows 2000 Professional
-
Microsoft Windows 2000 Professional
-
Microsoft Windows 2000 Terminal Services SP3
-
Microsoft Windows 2000 Terminal Services SP3
-
Microsoft Windows 2000 Terminal Services SP2
-
Microsoft Windows 2000 Terminal Services SP2
-
Microsoft Windows 2000 Terminal Services SP1
-
Microsoft Windows 2000 Terminal Services SP1
-
Microsoft Windows 2000 Terminal Services
-
Microsoft Windows 2000 Terminal Services
-
Microsoft Windows 98
-
Microsoft Windows 98
-
Microsoft Windows 98SE
-
Microsoft Windows 98SE
-
Microsoft Windows ME
-
Microsoft Windows ME
-
Microsoft Windows NT Workstation 4.0 SP6a
-
Microsoft Windows NT Workstation 4.0 SP6a
-
Microsoft Windows NT Workstation 4.0 SP6
-
Microsoft Windows NT Workstation 4.0 SP6
-
Microsoft Windows NT Workstation 4.0 SP5
-
Microsoft Windows NT Workstation 4.0 SP5
-
Microsoft Windows NT Workstation 4.0 SP4
-
Microsoft Windows NT Workstation 4.0 SP4
-
Microsoft Windows NT Workstation 4.0 SP3
-
Microsoft Windows NT Workstation 4.0 SP3
-
Microsoft Windows NT Workstation 4.0 SP2
-
Microsoft Windows NT Workstation 4.0 SP2
-
Microsoft Windows NT Workstation 4.0 SP1
-
Microsoft Windows NT Workstation 4.0 SP1
-
Microsoft Windows NT Workstation 4.0
-
Microsoft Windows NT Workstation 4.0
-
Microsoft Windows XP Home SP1
-
Microsoft Windows XP Home SP1
-
Microsoft Windows XP Home
-
Microsoft Windows XP Home
-
Microsoft Windows XP Professional SP1
-
Microsoft Windows XP Professional SP1
-
Microsoft Windows XP Professional
-
Microsoft Windows XP Professional
Microsoft Outlook 2002 SP1
+
Microsoft Office XP SP1
+
Microsoft Office XP SP1
-
Microsoft Windows 2000 Professional SP2
-
Microsoft Windows 2000 Professional SP2
-
Microsoft Windows 2000 Professional SP2
-
Microsoft Windows 2000 Professional SP1
-
Microsoft Windows 2000 Professional SP1
-
Microsoft Windows 2000 Professional SP1
-
Microsoft Windows 2000 Professional
-
Microsoft Windows 2000 Professional
-
Microsoft Windows 2000 Professional
-
Microsoft Windows 98
-
Microsoft Windows 98
-
Microsoft Windows 98
-
Microsoft Windows 98SE
-
Microsoft Windows 98SE
-
Microsoft Windows 98SE
-
Microsoft Windows ME
-
Microsoft Windows ME
-
Microsoft Windows ME
-
Microsoft Windows NT Workstation 4.0 SP6a
-
Microsoft Windows NT Workstation 4.0 SP6a
-
Microsoft Windows NT Workstation 4.0 SP6
-
Microsoft Windows NT Workstation 4.0 SP6
-
Microsoft Windows NT Workstation 4.0 SP6
-
Microsoft Windows NT Workstation 4.0 SP5
-
Microsoft Windows NT Workstation 4.0 SP5
-
Microsoft Windows NT Workstation 4.0 SP5
-
Microsoft Windows NT Workstation 4.0 SP4
-
Microsoft Windows NT Workstation 4.0 SP4
-
Microsoft Windows NT Workstation 4.0 SP4
-
Microsoft Windows NT Workstation 4.0 SP3
-
Microsoft Windows NT Workstation 4.0 SP3
-
Microsoft Windows NT Workstation 4.0 SP3
-
Microsoft Windows NT Workstation 4.0 SP2
-
Microsoft Windows NT Workstation 4.0 SP2
-
Microsoft Windows NT Workstation 4.0 SP2
-
Microsoft Windows NT Workstation 4.0 SP1
-
Microsoft Windows NT Workstation 4.0 SP1
-
Microsoft Windows NT Workstation 4.0 SP1
-
Microsoft Windows NT Workstation 4.0
-
Microsoft Windows NT Workstation 4.0
-
Microsoft Windows NT Workstation 4.0
-
Microsoft Windows XP Home
-
Microsoft Windows XP Home
-
Microsoft Windows XP Home
-
Microsoft Windows XP Professional
-
Microsoft Windows XP Professional
-
Microsoft Windows XP Professional
Microsoft Outlook 2002 0
+
Microsoft Office XP
+
Microsoft Office XP
+
Microsoft Office XP
-
Microsoft Windows 2000 Professional SP2
-
Microsoft Windows 2000 Professional SP2
-
Microsoft Windows 2000 Professional SP2
-
Microsoft Windows 2000 Professional SP1
-
Microsoft Windows 2000 Professional SP1
-
Microsoft Windows 2000 Professional SP1
-
Microsoft Windows 2000 Professional
-
Microsoft Windows 2000 Professional
-
Microsoft Windows 2000 Professional
-
Microsoft Windows 98
-
Microsoft Windows 98
-
Microsoft Windows 98
-
Microsoft Windows 98SE
-
Microsoft Windows 98SE
-
Microsoft Windows 98SE
-
Microsoft Windows ME
-
Microsoft Windows ME
-
Microsoft Windows ME
-
Microsoft Windows NT Workstation 4.0 SP6a
-
Microsoft Windows NT Workstation 4.0 SP6a
-
Microsoft Windows NT Workstation 4.0 SP6
-
Microsoft Windows NT Workstation 4.0 SP6
-
Microsoft Windows NT Workstation 4.0 SP6
-
Microsoft Windows NT Workstation 4.0 SP5
-
Microsoft Windows NT Workstation 4.0 SP5
-
Microsoft Windows NT Workstation 4.0 SP5
-
Microsoft Windows NT Workstation 4.0 SP4
-
Microsoft Windows NT Workstation 4.0 SP4
-
Microsoft Windows NT Workstation 4.0 SP4
-
Microsoft Windows NT Workstation 4.0 SP3
-
Microsoft Windows NT Workstation 4.0 SP3
-
Microsoft Windows NT Workstation 4.0 SP3
-
Microsoft Windows NT Workstation 4.0 SP2
-
Microsoft Windows NT Workstation 4.0 SP2
-
Microsoft Windows NT Workstation 4.0 SP2
-
Microsoft Windows NT Workstation 4.0 SP1
-
Microsoft Windows NT Workstation 4.0 SP1
-
Microsoft Windows NT Workstation 4.0 SP1
-
Microsoft Windows NT Workstation 4.0
-
Microsoft Windows NT Workstation 4.0
-
Microsoft Windows NT Workstation 4.0
-
Microsoft Windows XP Home
-
Microsoft Windows XP Home
-
Microsoft Windows XP Home
-
Microsoft Windows XP Professional
-
Microsoft Windows XP Professional
-
Microsoft Windows XP Professional
Microsoft Internet Explorer 6.0 SP1
Microsoft Internet Explorer 6.0
-
Microsoft Windows 2000 Advanced Server SP2
-
Microsoft Windows 2000 Advanced Server SP2
-
Microsoft Windows 2000 Advanced Server SP2
-
Microsoft Windows 2000 Advanced Server SP1
-
Microsoft Windows 2000 Advanced Server SP1
-
Microsoft Windows 2000 Advanced Server SP1
-
Microsoft Windows 2000 Advanced Server
-
Microsoft Windows 2000 Advanced Server
-
Microsoft Windows 2000 Advanced Server
-
Microsoft Windows 2000 Datacenter Server SP2
-
Microsoft Windows 2000 Datacenter Server SP2
-
Microsoft Windows 2000 Datacenter Server SP2
-
Microsoft Windows 2000 Datacenter Server SP1
-
Microsoft Windows 2000 Datacenter Server SP1
-
Microsoft Windows 2000 Datacenter Server SP1
-
Microsoft Windows 2000 Datacenter Server
-
Microsoft Windows 2000 Datacenter Server
-
Microsoft Windows 2000 Datacenter Server
-
Microsoft Windows 2000 Professional SP2
-
Microsoft Windows 2000 Professional SP2
-
Microsoft Windows 2000 Professional SP2
-
Microsoft Windows 2000 Professional SP1
-
Microsoft Windows 2000 Professional SP1
-
Microsoft Windows 2000 Professional SP1
-
Microsoft Windows 2000 Professional
-
Microsoft Windows 2000 Professional
-
Microsoft Windows 2000 Professional
-
Microsoft Windows 2000 Server SP2
-
Microsoft Windows 2000 Server SP2
-
Microsoft Windows 2000 Server SP2
-
Microsoft Windows 2000 Server SP1
-
Microsoft Windows 2000 Server SP1
-
Microsoft Windows 2000 Server SP1
-
Microsoft Windows 2000 Server
-
Microsoft Windows 2000 Server
-
Microsoft Windows 2000 Server
-
Microsoft Windows 2000 Terminal Services SP2
-
Microsoft Windows 2000 Terminal Services SP2
-
Microsoft Windows 2000 Terminal Services SP2
-
Microsoft Windows 2000 Terminal Services SP1
-
Microsoft Windows 2000 Terminal Services SP1
-
Microsoft Windows 2000 Terminal Services SP1
-
Microsoft Windows 2000 Terminal Services
-
Microsoft Windows 2000 Terminal Services
-
Microsoft Windows 2000 Terminal Services
-
Microsoft Windows 98
-
Microsoft Windows 98
-
Microsoft Windows 98
-
Microsoft Windows 98SE
-
Microsoft Windows 98SE
-
Microsoft Windows 98SE
-
Microsoft Windows ME
-
Microsoft Windows ME
-
Microsoft Windows ME
-
Microsoft Windows NT 4.0 SP6a
-
Microsoft Windows NT 4.0 SP6a
-
Microsoft Windows NT Enterprise Server 4.0 SP6a
-
Microsoft Windows NT Enterprise Server 4.0 SP6a
-
Microsoft Windows NT Enterprise Server 4.0 SP6a
-
Microsoft Windows NT Server 4.0 SP6a
-
Microsoft Windows NT Server 4.0 SP6a
-
Microsoft Windows NT Server 4.0 SP6a
-
Microsoft Windows NT Terminal Server 4.0 SP6a
-
Microsoft Windows NT Terminal Server 4.0 SP6a
-
Microsoft Windows NT Workstation 4.0 SP6a
-
Microsoft Windows NT Workstation 4.0 SP6a
-
Microsoft Windows NT Workstation 4.0 SP6a
+
Microsoft Windows Server 2003 Datacenter Edition
+
Microsoft Windows Server 2003 Datacenter Edition
+
Microsoft Windows Server 2003 Datacenter Edition
+
Microsoft Windows Server 2003 Datacenter Edition Itanium 0
+
Microsoft Windows Server 2003 Datacenter Edition Itanium 0
+
Microsoft Windows Server 2003 Enterprise Edition
+
Microsoft Windows Server 2003 Enterprise Edition
+
Microsoft Windows Server 2003 Enterprise Edition
+
Microsoft Windows Server 2003 Enterprise Edition Itanium 0
+
Microsoft Windows Server 2003 Enterprise Edition Itanium 0
+
Microsoft Windows Server 2003 Enterprise Edition Itanium 0
+
Microsoft Windows Server 2003 Standard Edition
+
Microsoft Windows Server 2003 Standard Edition
+
Microsoft Windows Server 2003 Standard Edition
+
Microsoft Windows Server 2003 Web Edition
+
Microsoft Windows Server 2003 Web Edition
+
Microsoft Windows Server 2003 Web Edition
+
Microsoft Windows XP Home
+
Microsoft Windows XP Home
+
Microsoft Windows XP Home
+
Microsoft Windows XP Professional
+
Microsoft Windows XP Professional
+
Microsoft Windows XP Professional
Not Vulnerable:
Discussion
Microsoft Internet Explorer Double-Null URI Denial Of Service Vulnerability
A problem in the handling of URIs with double nulls has been reported in Microsoft Internet Explorer. Because of this, it may be possible for a remote attacker to deny service to legitimate users of an affected system.
Additionally, this option is conjectured to be an issue in a library component within the browser, as this issue affects Microsoft Internet Explorer and Microsoft Outlook. This would also likely affect any other system components that invoke the browser.
Exploit / POC
Microsoft Internet Explorer Double-Null URI Denial Of Service Vulnerability
No exploit required.
Solution / Fix
Microsoft Internet Explorer Double-Null URI Denial Of Service Vulnerability
Solution:
It has been reported that this issue has been resolved in MS04-004. This has not been confirmed by Microsoft or Symantec.
----
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
References
Microsoft Internet Explorer Double-Null URI Denial Of Service Vulnerability