Windows Update Error

[s.hird () STUDENT QUT EDU AU (Shane Hird)]

It appears that Microsoft's Windows Update Site is causing
IE to crash for users visiting the site, a quick search on
deja-news shows that it probably isn't just a one off
occurance. Having recently found a few BO's in other
controls, I thought to take a look at the CWUpdInfo Class,
and discovered yet another minor BO. I've had only limited
success in controlling the RET address, although I have
managed to control EIP at least once, unfortuantly I have
been unable to repro it. This doesn't appear to be the same
problem that is occuring on the windows update page, trying
to understand the complex, partly generated, poorly
formated etc code on this site to repro the problem isn't
an easy (or particularly interesting) task. I've also had
only minimal experience with behaviors and style sheets etc
which MS seem to like using.

If anyone manages to have any form of success with this
control (exploit-wise), I'd be grateful for any
information. (After reading the FAQ, I assume this is what
this forum is for).

<object classid="clsid:A3863C2E-86EB-11D1-A9DB-00C04FB16F9E"
id="wupd"></object>

<script language="VBScript"><!--

expstr="AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAA"

wupd.gotomtsurl(expstr)
--></script>

-Shane.