> At 11:42 2001-05-16 +0100, you wrote: > >Now, the wierd thing is this. I've managed to make this happen a > few times, > >but it seems slightly random. Wonder if anyone else can reproduce this: > > > >1. type shell://: hit return. Normal extra window appears > >2. type shell://:; hit return. TWO extra windows appear > >3. type shell://:;; hit return. 2 or 3 extra windows appear > >4. type shell://: hit return. Explorer comes back with an > exception error: > > > >The Exception unknown software exception (0xc00000fd) occurred in the > >application at location 0x76c82587 > > "shell://:;" crashed both ie and explorer.exe on one machine. > It didn't work on two other with SP2, so I guess SP2 will fix it. > > However, "gopher://:" still makes them crash ie. This is very disconcerting. The fact that Microsoft keeps incrementally fixing these problems indicates that IE has two very serious problems that are *not* being fixed: 1) There is no preparser to sanity check the input. If there were, input that's not what Microsoft expects the main parser to handle would never get to the main parser. 2) The main parser is fragile, that is, it parses its input with assumptions about what that input is, rather than carefully checking every code path to sanely abort malformed input. Both of these issues are security essentials. The two together will create an endless series of exploits and crashes until they're fixed at the root. C'mon guys, this is basic stuff. DS
This archive was generated by hypermail 2b30 : Mon May 21 2001 - 10:30:20 PDT