TUCoPS :: Windows :: hack0103.htm

A .NET class bug that can hang a machine instantly
A .NET class bug that can hang a machine instantly 



I posted the following information to a couple of Microsoft news groups in the last couple of days with no response, so I thought I would post it here perhaps to encourage the examination of this .NET class, which I believe is vulnerable to exploits because of quality problems in the code.  I believe the following bug could easily be used in an exploit to crash any Windows machine that is running .NET 1.1 in Windows XP.  The bug is basically a flaw in the XMLTextReader class of .NET that locks the machine up so badly that it can only be shutdown with the power switch.  I do not have an ASP.NET environment in which to test it, so I would be interested to know if it has any effect there that is similar to C# .NET.  The bug can be reproduced in the following manner using the Visual Studio 7 .NET C# compiler:



1) Create a simple C# Windows Application Project and add a form 

to it.  Add System.XML to the namespaces of the project.

2) Add a ListBox control to the form.  (name it lbUsers for this code)

3) Add the following code to the OnLoad event of the form:



protected override void OnLoad(EventArgs e) 

{ 

   XmlTextReader xmlConfigFile; 



   string filename = Application.StartupPath 

+ "\\test.vtx"; 

   xmlConfigFile = new XmlTextReader(filename); 

          

   while(xmlConfigFile.Read()) 

   { 

     if(xmlConfigFile.NodeType == XmlNodeType.Element) 

     { 

        if(xmlConfigFile.Name == "User") 

        { 

          if(xmlConfigFile.HasAttributes) 

          { 

             while(xmlConfigFile.MoveToNextAttribute()) 

             { 

               if(xmlConfigFile.Name == "Name") 

                  lbUsers.Items.Add

(xmlConfigFile.Value);       

             } 

           } 

        } 

      } 

   } 

   lbUsers.Refresh(); 

   base.OnLoad (e); 

} 



4) Place the following XML File in the application 

directory for the project (the /debug directory).  Name 

the file test.vtx



 

 

    

       

          

          

          

          

          

          

       

    

 





5)  DO NOT PLACE any breakpoints in the code.

6)  Use the F5 key (Debug/Run) to execute the code.



Result:  The machine will hang.  The only choice is the 

power switch.  CTRL-ALT-DEL is ineffective.



Other information:

a)  If you execute this code from a Button.Click event on 

the form, IT WORKS JUST FINE.

b)  If you comment out all of the code inside the while 

loop in the function, the machine will still hang.

c)  If you move the base class OnLoad above the while 

loop, the code will still hang.

d)  If you put this code in the OnActivate function of the 

form, the code will still hang.

TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2024 AOH