Vulnerability Development mailing list archives
Re: Win 2000 & IE 'shell://' problem?
From: jslat () HOTMAIL COM (Chris Hall)
Date: Fri, 2 Jun 2000 00:16:56 GMT
From: Christian Adams <christian.adams () RevolutionLtd com>
To: 'Chris Hall' <jslat () HOTMAIL COM>
Subject: RE: Win 2000 & IE 'shell://' problem?
Date: Thu, 1 Jun 2000 09:25:44 +0100

Chris,

Anything interesting in that .dmp file?

Chris.
Well, the file to me is pretty cryptic, and I wish I had time to learn to interpret these files, but here's a snippet I found interesting. I wouldn't know if this is exploitable; my programming skills are pretty lax, to say the least.

DrWtsn32.txt

Microsoft (R) Windows 2000 (TM) Version 5.00 DrWtsn32
Copyright (C) 1985-1999 Microsoft Corp. All rights reserved.

Application exception occurred:
        App: explorer.exe (pid=1024)
        When: 5/31/2000 @ 19:32:10.192
        Exception number: c00000fd (stack overflow)

*----> System Information <----*
        Computer Name: STATION1
        User Name: jslat
        Number of Processors: 1
        Processor Type: x86 Family 5 Model 8 Stepping 12
        Windows 2000 Version: 5.0
        Current Build: 2195
        Service Pack: None
        Current Type: Uniprocessor Free

[..........]

function: RegCloseKey
        77db7e22 f6450802         test    byte ptr [ebp+0x8],0x2     ss:00aa0692=??
        77db7e26 0f85e9000000     jne     RegCloseKey+0x1c8 (77db7f15)
        77db7e2c 8b45f8           mov     eax,[ebp+0xf8]             ss:00aa0692=????????
        77db7e2f 3bc7             cmp     eax,edi
        77db7e31 0f8501010000     jne     RegCloseKey+0x1eb (77db7f38)
        77db7e37 8d45f0           lea     eax,[ebp+0xf0]             ss:00aa0692=????????
        77db7e3a bf90000000       mov     edi,0x90
        77db7e3f 50               push    eax
        77db7e40 8d8558ffffff     lea     eax,[ebp+0xffffff58]       ss:00033014=00000000
        77db7e46 57               push    edi
FAULT ->77db7e47 50               push    eax
        77db7e48 53               push    ebx
        77db7e49 56               push    esi
        77db7e4a ff75e8           push    dword ptr [ebp+0xe8]       ss:00aa0692=????????
        77db7e4d 8b35a810db77     mov     esi,[77db10a8]             ds:77db10a8=77f83d9c
        77db7e53 ffd6             call    esi
        77db7e55 837df800         cmp     dword ptr [ebp+0xf8],0x0   ss:00aa0692=????????
        77db7e59 8945fc           mov     [ebp+0xfc],eax             ss:00aa0692=????????
        77db7e5c 8b45f4           mov     eax,[ebp+0xf4]             ss:00aa0692=????????
        77db7e5f 0f85e1000000     jne     RegCloseKey+0x1f9 (77db7f46)
        77db7e65 b905000080       mov     ecx,0x80000005
        77db7e6a 394dfc           cmp     [ebp+0xfc],ecx             ss:00aa0692=????????

*----> Stack Back Trace <----*

FramePtr ReturnAd Param#1  Param#2  Param#3  Param#4  Function Name
000330BC 77DB80F2 00000600 000330E8 0003310C 00000000 advapi32!RegCloseKey
000330F4 77C7209A 00000000 775B2DF8 00000000 00033228 advapi32!RegQueryValueExW
00033230 77C72482 00000600 775B2DF8 00000000 00000000 shlwapi!SHQueryValueExW
00033470 775B2D4D 00000604 000339CC 775B2DF8 00000000 shlwapi!SHGetValueW
000334A0 775B2CF1 00000604 000339CC 00000003 00000000 shell32!Ordinal77
00033A4C 775B2E3D 00000002 775B5780 00000000 00000000 shell32!Ordinal77
00033C8C 775B8184 00118718 80000002 775B5780 00034D6C shell32!Ordinal77
00118718 001198C0 00000004 00000010 00000004 00630000 shell32!Ordinal83
00000003 00000000 00000000 00000000 00000000 00000000 <nosymbols>

[...........]

Also, Dr. Watson generated an Application Error in the Event Log, as well as winlogon.

winlogon..
The shell stopped unexpectedly and Explorer.exe was restarted.

DR.Watson..
The application, explorer.exe, generated an application error The error occurred on 05/31/2000 @ 03:15:36.296 The exception generated was c00000fd at address 77DB7E47 (RegCloseKey)

Is anyone else getting a .dmp file?? As I said, this is just a default install of Win2k. Maybe someone with more experience can have a look-see.

- Chris

-----Original Message-----
From: Chris Hall [mailto:jslat () HOTMAIL COM]
Sent: Thursday, June 01, 2000 1:16 AM
To: VULN-DEV () SECURITYFOCUS COM
Subject: Re: Win 2000 & IE 'shell://' problem?

I am running build 2195 (5.0.2195), default install, and doing just a "shell:" causes IE to flicker and create a C:\user.dmp but not close.

Tried this in Windows Explorer, doing just a "shell:". The results varied; sometimes it would close, generate a user.dmp file, but doing a "shell:\\" the results were the same as in IE (except it would close).

I really don't know too much about the innards workings of win, but it is strange to say the least.

Just my 2 cents.

Chris