Vulnerability Development mailing list archives
RE: IE 5.x (5.50.4522.1800 SP1) Crash at gopher://:
From: "David Schwartz" <davids () webmaster com>
Date: Thu, 17 May 2001 15:39:49 -0700
At 11:42 2001-05-16 +0100, you wrote:
Now, the weird thing is this. I've managed to make this happen a few times, but it seems slightly random. Wonder if anyone else can reproduce this:

1. type shell://: hit return. Normal extra window appears
2. type shell://:; hit return. TWO extra windows appear
3. type shell://:;; hit return. 2 or 3 extra windows appear
4. type shell://: hit return. Explorer comes back with an exception error:

The Exception unknown software exception (0xc00000fd) occurred in the application at location 0x76c82587

"shell://:;" crashed both ie and explorer.exe on one machine. It didn't work on two others with SP2, so I guess SP2 will fix it. However, "gopher://:" still makes them crash ie.
This is very disconcerting. The fact that Microsoft keeps incrementally fixing these problems indicates that IE has two very serious problems that are *not* being fixed:

1) There is no preparser to sanity check the input. If there were, input that's not what Microsoft expects the main parser to handle would never get to the main parser.

2) The main parser is fragile, that is, it parses its input with assumptions about what that input is, rather than carefully checking every code path to sanely abort malformed input.

Both of these issues are security essentials. The two together will create an endless series of exploits and crashes until they're fixed at the root. C'mon guys, this is basic stuff.

DS
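One way to write the kind of pre-parser the message above calls for, added here as an illustration (it is not part of the original post and not code from Internet Explorer). The function name, the scheme allow-list, the length limits and the error codes are assumptions.

```c
#include <ctype.h>
#include <string.h>
enum { URL_OK, URL_TOO_LONG, URL_BAD_SCHEME, URL_BAD_HOST, URL_BAD_PORT, URL_BAD_PATH };

/* Assumed policy: the only schemes the main parser is ever allowed to see. */
static const char *const allowed_schemes[] = { "http", "https", "ftp", "gopher" };

/* Accepts only scheme://host[:port][/path]; every branch checks before it consumes. */
int preparse_url(const char *url)
{
    size_t i, n = sizeof allowed_schemes / sizeof allowed_schemes[0];
    const char *sep, *p;
    if (url == NULL || (sep = strstr(url, "://")) == NULL)
        return URL_BAD_SCHEME;
    if (strlen(url) > 2048)
        return URL_TOO_LONG;
    for (i = 0; i < n; i++)
        if (strlen(allowed_schemes[i]) == (size_t)(sep - url) &&
            strncmp(url, allowed_schemes[i], (size_t)(sep - url)) == 0)
            break;
    if (i == n)
        return URL_BAD_SCHEME;          /* e.g. "shell://:;" */

    /* Host: 1..253 characters from [A-Za-z0-9.-]. */
    p = sep + 3;
    for (i = 0; isalnum((unsigned char)p[i]) || p[i] == '.' || p[i] == '-'; i++) {}
    if (i == 0 || i > 253)
        return URL_BAD_HOST;            /* e.g. "gopher://:" has an empty host */
    p += i;

    /* Optional port: 1 to 5 digits with a value in 1..65535. */
    if (*p == ':') {
        long port = 0;
        for (i = 1; i <= 5 && isdigit((unsigned char)p[i]); i++)
            port = port * 10 + (p[i] - '0');
        if (i == 1 || isdigit((unsigned char)p[i]) || port < 1 || port > 65535)
            return URL_BAD_PORT;
        p += i;
    }

    /* Remainder: nothing, or a path made of printable non-space ASCII. */
    if (*p != '\0' && *p != '/')
        return URL_BAD_PATH;
    for (; *p != '\0'; p++)
        if (*p < 0x21 || *p > 0x7e)
            return URL_BAD_PATH;
    return URL_OK;
}
```

Only input that returns URL_OK would be handed to the main parser; both strings reported in this thread are refused at the scheme or host check.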