| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <95677E8C5533894F98197250AE3FAABE6344@paperless.pls.shirazu.ac.ir> Date: Tue, 29 Apr 2003 21:57:34 +0330 From: "kajbaf" <kajbaf@....shirazu.ac.ir> To: <bugtraq@...urityfocus.com> Subject: RE: RE : IE / Outlook / MS SHLWAPI Render - more trivial crash > -----Original Message----- > From: Gervaize Maquard [mailto:freestyler@...cali.fr] > Sent: Wednesday, April 23, 2003 12:00 AM > To: bugtraq@...urityfocus.com > Subject: RE : IE / Outlook / MS SHLWAPI Render - more trivial crash > > > Original message : > > >Hola: > >Well, as it seems that is the Microsoft Crash mounth, let see another > one: > >--------------------------------- > ><html> > ><form> > ><input type crash> > ></form> > ></html> > >--------------------------------- > >This will crash IE with the following error: > >"Unhandled exception in iexplore.exe (SHLWAPI.DLL): > 0xC0000005: Access > >Violation" It's a null pointer overwrite, so it's not easly > >exploitable... > > >This HTML also crash Outlook, Frontpage, and all the > Microsoft programs > that >use the shlwapi.dll library to render web code. > >Plain HTML is a dangerous language :) > > Added : > > It also seems to crash explorer.exe when the .html file > containing the code is copied into any folder !! It may work > since windows is trying to create a view in Windows explorer. > Indeed, it doesn't work when the file is copied in the desktop. > > Tested on Windows XP with Office XP. > Not only on winXP; it has the same effect on win2000 server and advanced server; windows.NET advanced server & interprise server RC1; RC2 & the release version. With office XP or 2000 or without them. Of course you could delete the file through the command prompt. :D Another interesting thing; in win2000 and winXP, the browser ( iexplore or explorer or ... ) hangs & shows the message that send this error to microsoft & restart the browser. In win.NET it crashes the browser & restarts it without any message. But..... After u log off & again log on; it now shows the messages to you; one by one. It shows the stability of .NET system that keeps the messages for u. :))
Powered by blists - more mailing lists