RE: RE : IE / Outlook / MS SHLWAPI Render - more trivial crash

From: kajbaf (kajbaf_at_cse.shirazu.ac.ir)
Date: 04/29/03

  • Next message: Lucas Holt: "Re: Windows Server 2003 Security Guide available"
    To: <bugtraq@securityfocus.com>
    Date: Tue, 29 Apr 2003 21:57:34 +0330
    
    

    > -----Original Message-----
    > From: Gervaize Maquard [mailto:freestyler@tiscali.fr]
    > Sent: Wednesday, April 23, 2003 12:00 AM
    > To: bugtraq@securityfocus.com
    > Subject: RE : IE / Outlook / MS SHLWAPI Render - more trivial crash
    >
    >
    > Original message :
    >
    > >Hola:
    > >Well, as it seems that is the Microsoft Crash mounth, let see another
    > one:
    > >---------------------------------
    > ><html>
    > ><form>
    > ><input type crash>
    > ></form>
    > ></html>
    > >---------------------------------
    > >This will crash IE with the following error:
    > >"Unhandled exception in iexplore.exe (SHLWAPI.DLL):
    > 0xC0000005: Access
    > >Violation" It's a null pointer overwrite, so it's not easly
    > >exploitable...
    >
    > >This HTML also crash Outlook, Frontpage, and all the
    > Microsoft programs
    > that >use the shlwapi.dll library to render web code.
    > >Plain HTML is a dangerous language :)
    >
    > Added :
    >
    > It also seems to crash explorer.exe when the .html file
    > containing the code is copied into any folder !! It may work
    > since windows is trying to create a view in Windows explorer.
    > Indeed, it doesn't work when the file is copied in the desktop.
    >
    > Tested on Windows XP with Office XP.
    >

            Not only on winXP; it has the same effect on win2000 server and
    advanced server; windows.NET advanced server & interprise server RC1;
    RC2 & the release version. With office XP or 2000 or without them.
    Of course you could delete the file through the command prompt. :D
            Another interesting thing; in win2000 and winXP, the browser (
    iexplore or explorer or ... ) hangs & shows the message that send this
    error to microsoft & restart the browser.
    In win.NET it crashes the browser & restarts it without any message.
    But.....
            After u log off & again log on; it now shows the messages to
    you; one by one.
    It shows the stability of .NET system that keeps the messages for u. :))


  • Next message: Lucas Holt: "Re: Windows Server 2003 Security Guide available"

    Relevant Pages

    • Re: 2007 crash crash crash
      ... I have never had SolidWorks "Crash, Crash, Crash", but one can imagine ... that if it is happening, and someone is not as well versed in Windows, ... Microsoft is apparently modularising their new OS, Vista, so MS sees ... <blah, blah, blah> ...
      (comp.cad.solidworks)
    • Re: 2007 crash crash crash
      ... I have never had SolidWorks "Crash, Crash, Crash", but one can imagine ... that if it is happening, and someone is not as well versed in Windows, ... Microsoft is apparently modularising their new OS, Vista, so MS sees ... <blah, blah, blah> ...
      (comp.cad.solidworks)
    • Re: Crashes when clock year is five digit
      ... integrity of the system file set. ... aka "Nutcase" - Microsoft MVP ... Windows help - www.rickrogers.org ... > - Skype would crash on startup. ...
      (microsoft.public.windowsxp.general)
    • Re: 406 Not Acceptable
      ... Getting stuff not to crash or hang Windows ... more than that to crash a Vista system, then Microsoft really has ... My first exposure to Microsoft was with their Fortran compiler for ...
      (rec.arts.sf.written)
    • Re: Oracle on Windows vs Solaris or Linux ?
      ... ..and I posted what I found in 30 seconds on the MICROSOFT website. ... If you are going to nit pick - I said the MICROSOFT website, ... And for there to be a solitary KB article that has the text Windows Advanced Server 2003 in it - does that not tell you something? ...
      (comp.databases.oracle.server)