[原文]The Outlook Express Address Book control, when using Internet Explorer 6, allows remote attackers to cause a denial of service (NULL dereference and browser crash) by creating the OutlookExpress.AddressBook COM object, which is not intended for use within Internet Explorer.
Microsoft IE OutlookExpress.AddressBook COM Object NULL Dereference
Local Access Required
Denial of Service
Loss of Availability
Microsoft IE contains a flaw that may allow a local denial of service. The issue is triggered when a COM object in OutlookExpress.AddressBook is referred to a null pointer, and will result in loss of availability for the service.
Currently, there are no known upgrades, patches, or workarounds available to correct this issue.