COMMAND
Internet Explorer
SYSTEMS AFFECTED
Win systems
PROBLEM
Noah Spurrier found the following. This bug will cause all instances
of the browser to crash. It may also crash WindowsNT itself.
This code uses standard HTML forms with no dynamic HTML content.
The following shows a sample of the code.
<html>
<head>
<title>This has just crashed your browser.</title>
</head>
<frameset cols="100%">
<frame name="index" src="#crash">
</frameset>
<A NAME="crash">Oops!</A>
<noframes>
Oyo! You need frames in order to crash.
</noframes>
</html>
This bug will frequently crash the Windows desktop (GUI) (under
9x). You may have to reboot without shutting down. In fact, you
may be unable to shut down cleanly. Rebooting a Win95 machine
without first shutting down can sometimes cause problems with the
filesystem. On NT this will eat up all your CPU.
What makes this bug interesting is that it does not use any
dynamic content, so it completely bypasses any security
restrictions you may have turned on. As far as I am aware, there
is no way to configure your browser to prevent it from crashing
while interpreting this simple HTML code. What this code does is
use standard, plain HTML frames in a rather odd way. A frameset
and one frame are created. Normally the frame source would be set
to be an external link, but in this example, the frame source is
set to be a named link within the current HTML file. This creates
an endless loop in the HTML parser of MSIE. If the browser is
left running in this endless loop it will eventually cause a stack
fault. This usually takes about 30 seconds. The endless loop
also creates a very high CPU cycle load, so it is very difficult
to shut down the browser with the Task Manager before the stack
fault occurs.
Because MSIE 4 is so tightly integrated with the OS it may happen
to crash the desktop as well. This is certainly true if the
Active Desktop is turned on. If Microsoft has not fixed this bug
in Win98 then presumably this problem will be even greater.
Windows98 practically grafts the balls of the browser to the
brains of the OS.
SOLUTION
There are a couple of things you could try out to lessen the
impact:
1. Use Regedit:
go to:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer
add a REG_DWORD value:
DesktopProcess
Set it to 1. Then reboot. This creates a separate process
for the taskbar and desktop; also, when you run MSIE4 it runs
under a new process, IEXPLORE.EXE, instead of explorer.exe. This
enables the suffering browser to be killed without
affecting the rest of the O/S. You will also find your NT
machine [esp. SMP] will have better desktop performance.
However, this may result in a loss of functionality in Explorer.
Most places that suggest using this reg hack to split processes
*always* state that it does not work properly with IE Active
Desktop. Most places, like
http://www.snowhill.com/~richards/reghack.htm
strongly recommend reversing this before adding or using Active
Desktop. You may check also:
http://support.microsoft.com/support/kb/articles/Q181/5/62.asp
It _exactly_, down to the example, describes the symptom, and
the fix! If you know the name of the .CPL file that controls
the function you are looking for, just run "CONTROL.EXE
<FILE>.CPL" from the command prompt. Brings it up by itself.
2. Advanced Option in MSIE4
Choose "Browse in a new process", this way if the page was
downloaded by the 'spawned' browser, it would run in a separate
process and thus be killable without losing the O/S again!
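The frame pattern described under PROBLEM (a frame whose source
resolves back to the document that contains it) can also be flagged
before a page reaches the browser, for example in a content scanner.
The Python check below is an added example, not part of the original
advisory; the page URL and the function and class names are
assumptions made for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urldefrag, urljoin

# Frameset portion of the advisory's sample, embedded for offline use.
ADVISORY_SAMPLE = """<html>
<frameset cols="100%">
<frame name="index" src="#crash">
</frameset>
</html>
"""

# Constructed URL standing in for wherever the scanned page was fetched from.
PAGE_URL = "http://intranet.example/test.html"


class SelfFrameFinder(HTMLParser):
    """Collect frame tags whose src resolves to the containing document."""

    def __init__(self, page_url):
        super().__init__()
        # Fragments are dropped before comparing: "#crash", "" and
        # "test.html#x" all point at the same document.
        self.page_url = urldefrag(page_url)[0]
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag not in ("frame", "iframe"):
            return
        src = dict(attrs).get("src")
        if src is None:  # no src attribute, or attribute without a value
            return
        target = urldefrag(urljoin(self.page_url, src.strip()))[0]
        if target == self.page_url:
            # Record tag name, raw src value and source line of the tag.
            self.findings.append((tag, src, self.getpos()[0]))


def find_self_referencing_frames(html_text, page_url):
    """Return (tag, src, line) for every frame that loads its own page."""
    finder = SelfFrameFinder(page_url)
    finder.feed(html_text)
    finder.close()
    return finder.findings


if __name__ == "__main__":
    for tag, src, line in find_self_referencing_frames(ADVISORY_SAMPLE, PAGE_URL):
        print(f"line {line}: <{tag} src={src!r}> loads the containing page")
```

The comparison is a plain string match on the resolved URL, so
redirects or alternate host spellings that lead back to the same page
are not detected.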