Full Disclosure mailing list archives

RE: Does your IE6 crash with these "URLs"?


From: "Jim Laverty" <jim () wangtrading com>
Date: Thu, 17 Jul 2003 13:29:32 -0400

Not sure this is leading to anything useful or why it is on this list,
but...

Same here:

AppName: iexplore.exe    AppVer: 6.0.2800.1106   ModName: msieftp.dll
ModVer: 5.50.4807.2300   Offset: 0000b8bc

The thread 'Win32 Thread' (0xc90) has exited with code 0 (0x0).
Unhandled exception at 0x039cb8bc in IEXPLORE.EXE: 0xC0000005: Access
violation reading location 0x00000000.

Call Stack:
        msieftp.dll!039cb8bc()
        msieftp.dll!039cba4a()  
        msieftp.dll!039cc02b()  
        SHDOCVW.DLL!71743f4e()  
        SHDOCVW.DLL!7170dfe3()  
        SHDOCVW.DLL!7170e18d()  
        SHDOCVW.DLL!7171ce8c()  
        browseui.dll!71174c93()         
        SHDOCVW.DLL!717209a5()  
        SHDOCVW.DLL!7176e276()  
        SHDOCVW.DLL!7173f80a()  
        browseui.dll!711ca25a()         
        browseui.dll!711ca2c8()         
        browseui.dll!7119cfd4()         
        browseui.dll!711765b7()         
        browseui.dll!711764fe()         
        browseui.dll!711764b1()         
        browseui.dll!711684e6()         
        USER32.DLL!77e3a244()   
        USER32.DLL!77e16b21()   
        USER32.DLL!77e24f4a()   
        browseui.dll!71168a74()         
        USER32.DLL!77e3a244()   
        USER32.DLL!77e145e5()   
        USER32.DLL!77e1a792()   

ASM Code:

039CB84E C2 0C 00         ret         0Ch  
039CB851 56               push        esi  
039CB852 33 F6            xor         esi,esi 
039CB854 E8 AE 03 00 00   call        039CBC07 
039CB859 85 C0            test        eax,eax 
039CB85B 75 13            jne         039CB870 
039CB85D FF 74 24 08      push        dword ptr [esp+8] 
039CB861 E8 41 D5 00 00   call        039D8DA7 
039CB866 83 F8 01         cmp         eax,1 
039CB869 75 05            jne         039CB870 
039CB86B BE 05 40 00 80   mov         esi,80004005h 
039CB870 85 F6            test        esi,esi 
039CB872 7D 11            jge         039CB885 
039CB874 8B 44 24 0C      mov         eax,dword ptr [esp+0Ch] 
039CB878 83 38 00         cmp         dword ptr [eax],0 
039CB87B 74 08            je          039CB885 
039CB87D 6A 00            push        0    
039CB87F 50               push        eax  
039CB880 E8 BA D4 00 00   call        039D8D3F 
039CB885 8B C6            mov         eax,esi 
039CB887 5E               pop         esi  
039CB888 C2 08 00         ret         8    
039CB88B 55               push        ebp  
039CB88C 8B EC            mov         ebp,esp 
039CB88E 51               push        ecx  
039CB88F 8B 45 18         mov         eax,dword ptr [ebp+18h] 
039CB892 56               push        esi  
039CB893 8B 75 08         mov         esi,dword ptr [ebp+8] 
039CB896 57               push        edi  
039CB897 83 20 00         and         dword ptr [eax],0 
039CB89A 89 4D FC         mov         dword ptr [ebp-4],ecx 
039CB89D 85 F6            test        esi,esi 
039CB89F BF 05 40 00 80   mov         edi,80004005h 
039CB8A4 74 74            je          039CB91A 
039CB8A6 8B 46 14         mov         eax,dword ptr [esi+14h] 
039CB8A9 85 C0            test        eax,eax 
039CB8AB 74 6D            je          039CB91A 
039CB8AD 66 83 38 00      cmp         word ptr [eax],0 
039CB8B1 74 67            je          039CB91A 
039CB8B3 FF 75 14         push        dword ptr [ebp+14h] 
039CB8B6 FF 15 D8 12 9C 03 call        dword ptr ds:[39C12D8h] 
039CB8BC 80 38 00         cmp         byte ptr [eax],0     <= Breaks here

Registers:

        eax     0x00000000      unsigned long
        ebp     0x00125b34      unsigned long
        esi     0x0021ef08      unsigned long
        edi     0x80004005      unsigned long
        ds      0x0023  unsigned short
        ecx     0x001c5bf0      unsigned long
        bx      0x5bf0  unsigned short
        cx      0x5bf0  unsigned short
        dx      0x001c  unsigned short
        ds      0x0023  unsigned short
        cs      0x001b  unsigned short

-----Original Message-----
From: full-disclosure-admin () lists netsys com
[mailto:full-disclosure-admin () lists netsys com] On Behalf Of Securesdotcoms
Sent: Thursday, July 17, 2003 12:38 PM
To: full-disclosure () lists netsys com
Subject: Re: [Full-disclosure] Does your IE6 crash with these "URLs"?


Crashes me:

AppName: iexplore.exe AppVer: 6.0.2800.1106 ModName: msieftp.dll
ModVer: 5.50.4807.2300 Offset: 0000b8bc

----- Original Message ----- 
From: "Martin" <nakal () web de>
To: <full-disclosure () lists netsys com>
Sent: Thursday, July 17, 2003 8:57 AM
Subject: [Full-disclosure] Does your IE6 crash with these "URLs"?


Hi,

I have a question. I would like to know if you can also crash
IE6 when typing the following "URL":

ftp*://?

I have also tried from HTML like this:

<html>
<body>
<script language="JavaScript">
window.open("ftp://ftp*://?");
</script>
</body>
</html>

I could crash IE about a year ago with the first "URL" above
and I already sent various crash reports to Microsoft a
long time ago. There was no reaction.

That's why I just want to ask if someone can check this for me.
Maybe only my 3 PCs are weird.

Thanks,
Martin


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
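
Added example, not part of the original messages: a Python triage helper that buckets the two crash signatures posted in this thread and classifies the debugger's exception line. The sample strings are constructed from the text quoted above; the 64 KiB null-page limit and all function names are assumptions of this example.

```python
import re

# Constructed sample: the two crash signatures and the debugger line quoted in this thread.
REPORTS = {
    "Jim Laverty": "AppName: iexplore.exe    AppVer: 6.0.2800.1106   ModName: msieftp.dll\n"
                   "ModVer: 5.50.4807.2300   Offset: 0000b8bc",
    "Securesdotcoms": "AppName: iexplore.exe AppVer: 6.0.2800.1106 ModName: msieftp.dll\n"
                      "ModVer: 5.50.4807.2300 Offset: 0000b8bc",
}
DEBUGGER_LINE = ("Unhandled exception at 0x039cb8bc in IEXPLORE.EXE: 0xC0000005: "
                 "Access violation reading location 0x00000000.")

# Assumption (triage heuristic): a fault target below 64 KiB is a null-page dereference.
NULL_PAGE_LIMIT = 0x10000


def parse_signature(text):
    """Return the bucket key (app, app version, module, module version, offset)."""
    fields = dict(re.findall(r"(\w+):\s+(\S+)", text))
    return (fields["AppName"].lower(), fields["AppVer"], fields["ModName"].lower(),
            fields["ModVer"], int(fields["Offset"], 16))


def parse_exception(line):
    """Extract fault address, exception code, access type and target address."""
    m = re.search(r"exception at (0x[0-9a-f]+) in (\S+): (0x[0-9a-f]+): "
                  r"Access violation (reading|writing) location (0x[0-9a-f]+)",
                  line, re.I)
    if m is None:
        raise ValueError("not an access-violation line")
    return {"eip": int(m.group(1), 16), "code": int(m.group(3), 16),
            "access": m.group(4).lower(), "target": int(m.group(5), 16)}


def triage(reports, debugger_line):
    """Group reporters by identical signature and classify the fault."""
    buckets = {}
    for reporter, text in reports.items():
        buckets.setdefault(parse_signature(text), []).append(reporter)
    exc = parse_exception(debugger_line)
    result = {"buckets": buckets, "access": exc["access"],
              "null_page": exc["target"] < NULL_PAGE_LIMIT}
    offsets = {key[4] for key in buckets}
    if len(offsets) == 1:
        # Faulting address minus the reported module offset is the module load base.
        result["module_base"] = exc["eip"] - offsets.pop()
    return result


if __name__ == "__main__":
    print(triage(REPORTS, DEBUGGER_LINE))
```

Both reports fall into one bucket, and the derived load base is 64 KiB aligned, which is consistent with the reported offset pointing at the faulting instruction.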
