COMMAND
IIS
SYSTEMS AFFECTED
IIS
PROBLEM
Valentijn Siebrands found the following: IIS can be crashed using
ordinary VBScript in an ASP page. Regular expressions can be used
to filter, e.g., the contents of an HTML page. In this case
Valentijn was planning to filter some words, but some servers
crashed on an invalid regular expression when he pressed F5 in VID.
<%
' Read the whole HTML page into a string
Set fso = CreateObject("Scripting.FileSystemObject")
checkfile = Server.MapPath("\") & "\index\mypage.html"
mystring = fso.OpenTextFile(checkfile).ReadAll
' Case-insensitive regular expression that returns all matches
Set myregexp = New RegExp
myregexp.Global = True
myregexp.IgnoreCase = True
' Normal regular expression
'myregexp.Pattern = "[A-Z0-9\.\-\_\ ]+"
' A not valid expression
myregexp.Pattern = ".*"
Set mymatches = myregexp.Execute(mystring)
For Each thing In mymatches
    Response.Write thing
Next
%>
Results:
Winnt 4.0 Ent. sp5 IIS: (in the browser) a trappable error occurred _or_ no data is returned, i.e. the normal reaction to an invalid expression
Winnt 4.0 Ent. sp6 IIS: Inetinfo.exe crashes without any notice
Winnt 4.0 Ent. sp6a IIS: Inetinfo.exe dies; eventlog message:
An object call caused an exception.
(IID: {51372AEF-CAE7-11CF-BE81-00AA00A2FA25})
(Method: 3)
(Microsoft Transaction Server Internals Information: File:
i:\viper\src\runtime\mtxex\activity.cpp, Line: 889)
(Exception: C0000005)
(Address: 0x780015cc)
MSVCRT!wcslen + 0x4
vbscript + 0x2E4FB
vbscript + 0x1603
Access violation? No docs in the MS support database regarding RegExp
or i:\viper\src\runtime
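For triage across several servers, the eventlog text above can be split into its exception code, source location and stack frames. The following Python code is an added example, not part of the original advisory; the names parse_mts_event and is_vbscript_access_violation are hypothetical, and the sample input is the event message quoted above. It relies on C0000005 being the NTSTATUS code for an access violation.

```python
import re

# Sample input: the event text quoted in the advisory (NT 4.0 SP6a result).
SAMPLE_EVENT = r"""An object call caused an exception.
(IID: {51372AEF-CAE7-11CF-BE81-00AA00A2FA25})
(Method: 3)
(Microsoft Transaction Server Internals Information: File:
i:\viper\src\runtime\mtxex\activity.cpp, Line: 889)
(Exception: C0000005)
(Address: 0x780015cc)
MSVCRT!wcslen + 0x4
vbscript + 0x2E4FB
vbscript + 0x1603"""

ACCESS_VIOLATION = 0xC0000005  # NTSTATUS STATUS_ACCESS_VIOLATION

# "(Name: value)" fields of the event message
FIELD_RE = re.compile(r"\((IID|Method|Exception|Address):\s*([^)]+?)\s*\)")
# Source file and line; the path may wrap onto the next line
SOURCE_RE = re.compile(r"File:\s*(\S+),\s*Line:\s*(\d+)")
# Stack frames: "module!symbol + 0xOFF" or "module + 0xOFF"
FRAME_RE = re.compile(
    r"^\s*([\w.]+?)(?:!(\w+))?\s*\+\s*0x([0-9A-Fa-f]+)\s*$", re.M)


def parse_mts_event(text):
    """Parse an MTS exception event message into a dict (hypothetical helper)."""
    fields = {k.lower(): v for k, v in FIELD_RE.findall(text)}
    src = SOURCE_RE.search(text)
    frames = [(mod.lower(), sym or None, int(off, 16))
              for mod, sym, off in FRAME_RE.findall(text)]
    return {
        "iid": fields.get("iid"),
        "method": int(fields["method"]) if "method" in fields else None,
        "exception": int(fields["exception"], 16) if "exception" in fields else None,
        "address": int(fields["address"], 16) if "address" in fields else None,
        "source": (src.group(1), int(src.group(2))) if src else None,
        "frames": frames,
    }


def is_vbscript_access_violation(event):
    """True when the event is an access violation with vbscript on the stack."""
    return (event["exception"] == ACCESS_VIOLATION
            and any(mod == "vbscript" for mod, _, _ in event["frames"]))
```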
SOLUTION
Nothing yet.