RE: RE : IE / Outlook / MS SHLWAPI Render - more trivial crash

["kajbaf" <kajbaf () cse shirazu ac ir>]

> -----Original Message-----
> From: Gervaize Maquard [mailto:freestyler () tiscali fr] 
> Sent: Wednesday, April 23, 2003 12:00 AM
> To: bugtraq () securityfocus com
> Subject: RE : IE / Outlook / MS SHLWAPI Render - more trivial crash
>
>
> Original message : 
>
> > Hola:
> > Well, as it seems that is the Microsoft Crash mounth, let see another
> one:
> > ---------------------------------
> > <html>
> > <form>
> > <input type crash>
> > </form>
> > </html>
> > ---------------------------------
> > This will crash IE with the following error:
> > "Unhandled exception in iexplore.exe (SHLWAPI.DLL): 
> 0xC0000005: Access 
> > Violation" It's a null pointer overwrite, so it's not easly 
> > exploitable...
>
> > This HTML also crash Outlook, Frontpage, and all the 
> Microsoft programs
> that >use the shlwapi.dll library to render web code.
> > Plain HTML is a dangerous language :)
>
> Added : 
>
> It also seems to crash explorer.exe when the .html file 
> containing the code is copied into any folder !! It may work 
> since windows is trying to create a view in Windows explorer. 
> Indeed, it doesn't work when the file is copied in the desktop.
>
> Tested on Windows XP with Office XP.

        Not only on winXP; it has the same effect on win2000 server and
advanced server; windows.NET advanced server & interprise server RC1;
RC2 & the release version. With office XP or 2000 or without them.
Of course you could delete the file through the command prompt. :D
        Another interesting thing; in win2000 and winXP, the browser (
iexplore or explorer or ... ) hangs & shows the message that send this
error to microsoft & restart the browser.
In win.NET it crashes the browser & restarts it without any message.
But.....
        After u log off & again log on; it now shows the messages to
you; one by one.
It shows the stability of .NET system that keeps the messages for u. :))