07-26-2007   #13
cquirke (MVP Windows shell/user)


 
 

Re: C:\Program Files\Windows Mail folder crashes Windows Explorer

On Tue, 24 Jul 2007 10:34:01 -0700, JasonH

>I'm running Vista Home Premium x86. Everything is up to date, antivirus and
>antispyware are clean. About a week ago, I started noticing that whenever I
>went into Computer, opened C:\Program Files and scrolled to the bottom of the
>list (in Tiles view), I would get an instant "Windows Explorer Has Stopped
>Working" message and crash out to my desktop. Through trial and error, I
>determined that the dynamic icon for C:\Program Files\Windows Mail was
>somehow causing this, and sure enough, when I went to a static icon view like
>Details, I could scroll all the way down with no problems.


Interesting, and nasty.

IMO, allowing content to define its own icons is a fundamental safety
risk, if the icon extraction code is an exploitable surface.

>I've edited the WM folder icon so that it no longer crashes Windows
>Explorer on sight, but now whenever I try to open
>C:\Program Files\Windows Mail (just the folder, not the program) it
>still crashes Windows Explorer -- even after restarts.


Explorer navigates the namespace, not the file system, and "special"
folders often patch in their own code handlers that are invoked when
you navigate into the namespace.

That, too, is a "safety gap", i.e. the low risk you think you are
taking (navigating into a passive container to safely view a list of
items in it) is the high risk of running code that defines the folder.

>The modified date for the Windows Mail folder is 7/11/07 -- which was the day
>I installed the latest batch of patches from Windows Update, so I think the
>last Windows Mail patch is somehow to blame. At any rate, this never
>happened before 7/11/07.


O...K...

>It seems like it must be a corrupted icon or thumbnail path, but the crash
>happens so quickly that I can't do anything about it. I suppose I could
>tinker with it in safe mode, but I don't know if I could identify the
>offending file.


Do so, if only to see whether Safe Mode would be safe, if this
accidental crash was found to be an exploitable condition, and used as
such by mass malware (as could happen at any time).

>The Windows Mail program seems to open normally (though I
>use Outlook, so I can't tell if it's working).


I avoid apps that hold your data hostage to app version, then bind
that version to a larger "container" product, so that knocks out any
of MS's email apps. I also dislike an email storage model that hides
incoming malware from av scanners and manual management, as most email
apps do. Eudora is free of both of these issues.

>It does make me wish I could just uninstall the problematic program.


Yup. Being able to "turn off" bundleware does not level the
competitive playing field, because you are forced to swallow the bloat
of the avoided MSware, as well as being compelled to patch it. So
competing apps that are better in terms of efficiency or patch
requirements, can't relieve you of the burden of the MSware.



>------------------------- ---- --- -- - - - -

Let's make a humming sound
>------------------------- ---- --- -- - - - -
