Vulnerability Development mailing list archives

Re: Outlook HTML crash


From: "Thor Larholm" <thor () pivx com>
Date: Mon, 17 Mar 2003 11:23:51 +0100

This is definitely older than the latest IE patch, I've been experiencing it
personally for more than a year. In my cases, I can reproduce the issue more
easily when posting plaintext newsgroup message replies.

Both HTML and plaintext messages are edited through MSHTML, which is
further exposed in IE (among others) as an ActiveX control (the DHTML
Editing Component) and directly embedded through the
designMode/contentEditable properties. Any editing that we manually perform
in Outlook or Outlook Express which causes them to crash or overflow (like
pressing enter in the replied-to text) can be programmatically reproduced.


Regards
Thor Larholm

----- Original Message -----
From: "http-equiv () excite com" <http-equiv () malware com>
To: <vuln-dev () securityfocus com>
Sent: Sunday, March 16, 2003 8:42 PM
Subject: RE: Outlook HTML crash




That's very interesting. We were just discussing this last week, it
has been going on for months and seems to have come about after the
very latest Internet Explorer cumulative patch.  Also, as Kurt points
out, hitting the enter key slowly or gently avoids the problem. Also
happens when you 'reply to sender is same format [html]' and manually
select plain text. Damn annoying "BUG!" in this particular vendor's
ever long quest to irritate people !

MSIMN caused an invalid page fault in
module MSHTML.DLL at 015f:636bd8b8.
Registers:
EAX=004711a4 CS=015f EIP=636bd8b8 EFLGS=00010202
EBX=02d6f2ec SS=0167 ESP=0056f3bc EBP=0056f3dc
ECX=00000118 DS=0167 ESI=00000008 FS=124f
EDX=0040003c ES=0167 EDI=004711a4 GS=0000
Bytes at CS:EIP:
f3 a5 8b 4d 08 8b 49 0c 89 41 08 e9 76 13 fc ff
Stack dump:
00000000 02d6fa90 0000001e 0355ab0c 00000000 00000000 00000000
00000000 0056f474 6370f575 02d6f320 02d6fa90 0355ab0c 00000000
00001e00 00000000


--
http://www.malware.com




they don't call it crapware for nothing.
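
An added example, not part of either post: it parses the Windows 9x fault dialog quoted above and decodes the first two bytes at CS:EIP (`f3 a5`, the x86 encoding of `rep movsd`) for crash triage. The function names and the 4 KB near-NULL threshold are assumptions of this example.

```python
import re

# Fault dialog text copied from the quoted message above.
DUMP = """\
MSIMN caused an invalid page fault in
module MSHTML.DLL at 015f:636bd8b8.
Registers:
EAX=004711a4 CS=015f EIP=636bd8b8 EFLGS=00010202
EBX=02d6f2ec SS=0167 ESP=0056f3bc EBP=0056f3dc
ECX=00000118 DS=0167 ESI=00000008 FS=124f
EDX=0040003c ES=0167 EDI=004711a4 GS=0000
Bytes at CS:EIP:
f3 a5 8b 4d 08 8b 49 0c 89 41 08 e9 76 13 fc ff
"""

NULL_PAGE = 0x1000  # assumption: treat addresses below 4 KB as NULL-derived


def parse_fault(text):
    """Parse a Windows 9x fault dialog into a dict of fields."""
    head = re.search(r"(\S+) caused an? (.+?) in\s+module (\S+) at "
                     r"([0-9a-f]{4}):([0-9a-f]{8})", text, re.I | re.S)
    if not head:
        raise ValueError("not a Windows 9x fault dialog")
    regs = {k: int(v, 16) for k, v in re.findall(r"\b([A-Z]{2,5})=([0-9a-f]+)", text)}
    code = re.search(r"Bytes at CS:EIP:\s*((?:[0-9a-f]{2}\s*)+)", text, re.I)
    return {"process": head[1], "fault": head[2], "module": head[3],
            "address": int(head[5], 16), "regs": regs,
            "code": bytes.fromhex(code[1].strip()) if code else b""}


def triage(f):
    """Return heuristic observations about the faulting instruction."""
    notes, r = [], f["regs"]
    if f["address"] != r.get("EIP"):
        notes.append("reported fault address differs from EIP")
    if f["code"][:2] == b"\xf3\xa5":  # REP MOVSD: copy ECX dwords ESI -> EDI
        notes.append(f"rep movsd, {r['ECX'] * 4} bytes left to copy")
        for name in ("ESI", "EDI"):
            if r[name] < NULL_PAGE:
                notes.append(f"{name}={r[name]:#x} is a near-NULL pointer")
    return notes
```

`triage(parse_fault(DUMP))` reports a `rep movsd` with 1120 bytes outstanding and a near-NULL source pointer in ESI; these are observations read from the dump, not a root-cause analysis.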

