vbscript.dll regular expression object (RegExp) memory leak

From: g g (ggo2222_at_YAHOO.COM)
Date: 02/27/05

  • Next message: robert_at_WEBAPPSEC.ORG: "WASC-Articles: 'The Insecure Indexing Vulnerability - Attacks Against Local Search Engines' By Amit Klein"
    Date:         Sun, 27 Feb 2005 05:51:41 -0800
    To: NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM
    
    

    Hello,

    The following vbscript, which uses the RegExp object,
    causes memory leak (tested under Windows XP SP2 with
    Script Engine V5.6); when you run it, locate the
    associated wscript.exe or cscript.exe process in the
    Windows task manager, then click "OK" in the "Start"
    message box, and see how the "Mem Usage" value grows
    in the task manager.

    Dim PatternStr
    Dim oRegExp
    Dim oMatches

    PatternStrBuggy = "^(?:\<([0-9]+)\>)?(?:([A-Za-z]+)
    )?(?:([\d ]\d) )?(?:(\d+)
    )?(?:([0-9]+:[0-9]+:[0-9]+(?:\.[0-9]+)?) )?(?:([^ :]+)
    )?((?:(?:([^ \[\:]+)(?:\[([0-9]+)\])?:)? )?(.*))"
    strng = "c"

    Set oRegExp = New RegExp
    oRegExp.Global = true
    oRegExp.Multiline = true
    oRegExp.Pattern = PatternStrBuggy
    On Error Resume Next
    MsgBox "start"
    For i=1 to 10000000
            Set oMatches = oRegExp.Execute(strng)
    Next
    MsgBox "stop"

    *** end of mail ***

    __________________________________
    Do you Yahoo!?
    Yahoo! Mail - Easier than ever with enhanced search. Learn more.
    http://info.mail.yahoo.com/mail_250

    --
    NTBugtraq Editor's Note:
    Most viruses these days use spoofed email addresses. As such, using an Anti-Virus product which automatically notifies the perceived sender of a message it believes is infected may well cause more harm than good. Someone who did not actually send you a virus may receive the notification and scramble their support staff to find an infection which never existed in the first place. Suggest such notifications be disabled by whomever is responsible for your AV, or at least that the idea is considered.
    --
    

  • Next message: robert_at_WEBAPPSEC.ORG: "WASC-Articles: 'The Insecure Indexing Vulnerability - Attacks Against Local Search Engines' By Amit Klein"