Headline
CVE-2000-0115: 'Strange behaviour IIS and RegExp'
IIS allows local users to cause a denial of service via invalid regular expressions in a Visual Basic script in an ASP page.
List: ntbugtraq
Subject: Strange behaviour IIS and RegExp
From: valentijn <valentijn () my ! net>
Date: 2000-01-21 15:08:28
Hai there!
The issue: Crashing IIS using ordinary VBScript in an ASP page. Using regular expressions one can filter e.g. the contents of an HTML page. In this case I was planning to filter some words. But some servers crashed on a not valid regular expression when I pressed F5 in VID.
```asp
<%
' Read the HTML page that is to be filtered
Set fso = createobject("scripting.filesystemobject")
Checkfile = server.MapPath("\") & "\index\mypage.html"
mystring = fso.OpenTextFile((checkfile)).ReadAll
set myregexp = new regexp
myregexp.Global = TRUE
myregexp.IgnoreCase = true
' Normal regular expression
'myregexp.Pattern = "[A-Z0-9\.\-\_\ ]+"
' A not valid expression
myregexp.Pattern = ".*"
' Run the pattern over the page and write out every match
set mymatches = myregexp.Execute(mystring)
for each thing in mymatches
Response.Write thing
next
%>
```
Results:
Winnt 4.0 Ent. sp5 IIS: (In the browser) a trappable error occurred _or_ no data is returned, aka: normal reaction on invalid expression
Winnt 4.0 Ent. sp6 IIS: Inetinfo.exe crashes without any notice
Winnt 4.0 Ent. sp6a IIS: Inetinfo.exe dies, eventlog message:
An object call caused an exception. (IID: {51372AEF-CAE7-11CF-BE81-00AA00A2FA25}) (Method: 3) (Microsoft Transaction Server Internals Information: File: i:\viper\src\runtime\mtxex\activity.cpp, Line: 889) (Exception: C0000005) (Address: 0x780015cc) MSVCRT!wcslen + 0x4 vbscript + 0x2E4FB vbscript + 0x1603
Access violation? No docs in MS support database regarding Regexp or i:\viper\src\runtime
Can anyone reproduce this?
Regards,
Valentijn Siebrands
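
A triage helper for the event log message quoted in the post above, as an added example that is not part of the original post: it splits the message into its fields and flags an access violation that has the script engine on the stack. The function names and the small NTSTATUS table are assumptions of this example; the event text is copied from the post.

```python
import re

# Event text copied from the post above (the sp6a result).
EVENT = (
    "An object call caused an exception. "
    "(IID: {51372AEF-CAE7-11CF-BE81-00AA00A2FA25}) (Method: 3) "
    "(Microsoft Transaction Server Internals Information: "
    r"File: i:\viper\src\runtime\mtxex\activity.cpp, Line: 889) "
    "(Exception: C0000005) (Address: 0x780015cc) "
    "MSVCRT!wcslen + 0x4 vbscript + 0x2E4FB vbscript + 0x1603"
)

# Two well-known NTSTATUS exception codes (table added for this example).
NTSTATUS = {
    0xC0000005: "STATUS_ACCESS_VIOLATION",
    0xC00000FD: "STATUS_STACK_OVERFLOW",
}

FIELD = re.compile(r"\((IID|Method|Exception|Address): ([^)]+)\)")
SOURCE = re.compile(r"File: (?P<file>[^,]+), Line: (?P<line>\d+)")
# A frame is "module + 0xOFF" or "module!symbol + 0xOFF".
FRAME = re.compile(r"(\w+)(?:!(\w+))? \+ 0x([0-9A-Fa-f]+)")


def parse_event(text):
    """Split an MTS 'object call caused an exception' message into fields."""
    fields = {k.lower(): v.strip() for k, v in FIELD.findall(text)}
    src = SOURCE.search(text)
    if "exception" not in fields or src is None:
        raise ValueError("not an MTS exception event")
    code = int(fields["exception"], 16)
    # Stack frames follow the last parenthesised field.
    tail = text[text.rindex(")") + 1:]
    frames = [(m, s or None, int(o, 16)) for m, s, o in FRAME.findall(tail)]
    return {
        "iid": fields.get("iid"),
        "method": int(fields["method"]) if "method" in fields else None,
        "source": (src["file"], int(src["line"])),
        "code": code,
        "status": NTSTATUS.get(code, "unknown"),
        "address": int(fields.get("address", "0"), 16),
        "frames": frames,
    }


def script_engine_fault(event, engine="vbscript"):
    """True when an access violation has the script engine on the stack."""
    in_stack = any(m.lower() == engine for m, _, _ in event["frames"])
    return event["status"] == "STATUS_ACCESS_VIOLATION" and in_stack
```

Run over exported Application log entries, `script_engine_fault` separates script-engine crashes of this kind from other MTS exceptions.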