> -----Original Message----- > From: Gervaize Maquard [mailto:freestyler@tiscali.fr] > Sent: Wednesday, April 23, 2003 12:00 AM > To: bugtraq@securityfocus.com > Subject: RE : IE / Outlook / MS SHLWAPI Render - more trivial crash > > > Original message : > > >Hola: > >Well, as it seems that is the Microsoft Crash mounth, let see another > one: > >--------------------------------- > ><html> > ><form> > ><input type crash> > ></form> > ></html> > >--------------------------------- > >This will crash IE with the following error: > >"Unhandled exception in iexplore.exe (SHLWAPI.DLL): > 0xC0000005: Access > >Violation" It's a null pointer overwrite, so it's not easly > >exploitable... > > >This HTML also crash Outlook, Frontpage, and all the > Microsoft programs > that >use the shlwapi.dll library to render web code. > >Plain HTML is a dangerous language :) > > Added : > > It also seems to crash explorer.exe when the .html file > containing the code is copied into any folder !! It may work > since windows is trying to create a view in Windows explorer. > Indeed, it doesn't work when the file is copied in the desktop. > > Tested on Windows XP with Office XP. > Not only on winXP; it has the same effect on win2000 server and advanced server; windows.NET advanced server & interprise server RC1; RC2 & the release version. With office XP or 2000 or without them. Of course you could delete the file through the command prompt. :D Another interesting thing; in win2000 and winXP, the browser ( iexplore or explorer or ... ) hangs & shows the message that send this error to microsoft & restart the browser. In win.NET it crashes the browser & restarts it without any message. But..... After u log off & again log on; it now shows the messages to you; one by one. It shows the stability of .NET system that keeps the messages for u. :))