Message-ID: <3972.1062517123@www15.gmx.net>
From: nonleft at gmx.net (nonleft@....net)
Subject: New Microsoft Internet Explorer mshtml.dll Denial of Service?

crashes on my side as well

win XP no packets in place.
so I run my debugger: (sorry german)

Der Thread 'Win32 Thread' (0x818) hat mit Code 0 (0x0) geendet.
Unbehandelte Ausnahme bei 0x00000005 in : 0xC0000005:
Zugriffsverletzung-Leseposition 0x00000005.
Eine Ausnahme (erste Chance) bei 0x00000005 in : 0xC0000005:
Zugriffsverletzung-Leseposition 0x00000005.
Unbehandelte Ausnahme bei 0x00000005 in : 0xC0000005:
Zugriffsverletzung-Leseposition 0x00000005.

well it tries to do a read function in the memory, where it has no business
to do :-)
and this causes the system failure and the program has to be restarted
 
7FFE02FC  add         byte ptr [eax],al 
7FFE02FE  add         byte ptr [eax],al 
7FFE0300  mov         edx,esp 
7FFE0302  sysenter         
7FFE0304  ret              
7FFE0305  pushfd           
7FFE0306  or          dword ptr [esp],100h 
7FFE030D  popfd            
7FFE030E  ret              <---- here comes the downfall :-)
7FFE030F  mov         edx,esp 
7FFE0311  syscall          
7FFE0313  ret              
7FFE0314  nop              
7FFE0315  pushfd           
7FFE0316  or          dword ptr [esp],100h 

so it comes from:

        7ffe0304()      
        ntdll.dll!77f6f4af()    
        ntdll.dll!77f6e265()    
        mshtml.dll!74877f58()   
>       mshtml.dll!74877576()   
 that was it on my machine.....

reproduced it twice.
but i could not see what this behavior evoked in the html code?!?!
first i thought could have something to do with the embedded scripts, but
doesn't seem so....   

btw not using Outlook (and i could not see why this should have something to
do with it)


mfg/kind regards 

nonleft
At 13:53 02.09.2003 +0200, you wrote:

Hi,

> No, I am very sure that this happens also, if you follow the link inside
> a web page only (without an involving mail client).

> So go to http://www.counterpane.com/crypto-gram.html , scroll down and
> click the link that says "Holger Hasselbach has translated several
> issues of Crypto-Gram into German [...]". The error occurs as described
> in my original posting.


well i tried

windows 2003 server no updates

first time i clicked it page closed after 5 seconds

second time nothing happened

third time it closed after 5 seconds

well 4th time nothing happened

5th time closed again

each time i spawned a new ie-window with the link and then followed
the one in the bottom

Kind regards

Michel Zobel 
Software Development 
hnw health network GmbH i.G.

-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: crypto.txt
Url: http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20030902/65178c41/crypto.txt
