I want to store the exported pdf file to clip board to be able to paste as an attachment in outlook. I'm using asp.net / vb and i've tried to import system.windows.forms in my web application to use the clipboard class.
any idea?
'here's my code:
Clipboard.SetDataObject(System.IO.Path.Combine("C:/Temp/", HttpContext.Current.Session("fileName")), True)
'this is the error after this process:
Exception thrown: 'System.Threading.ThreadStateException' in System.Windows.Forms.dll
An exception of type 'System.Threading.ThreadStateException' occurred in System.Windows.Forms.dll but was not handled in user code
Current thread must be set to single thread apartment (STA) mode before OLE calls can be made. Ensure that your Main function has STAThreadAttribute marked on it.
ASP.NET code is run on the back end side, i.e. server. So, accessing the Clipboard on the server doesn't make any sense. Instead, you can find a JavaScript code/component which can be run on the client browser.
Jscript Unexpected exceptions
After Windows Server patch Vulnerability (CVE-2019-1367) released in 23. September
Windows Server 2019 (KB4522015) https://support.microsoft.com/en-us/help/4522015/windows-10-update-kb4522015
Windows Server 2016 (KB4522010)
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (KB4522007)
Windows Server 2012 (KB4522007)
Windows Server 2012 R2 (KB4522007)
Updated 07.10.2019 Also "Preview of Monthly Rollup" and "Monthly Rollup" packages are affected and doesn't fix the specific Jscript Workflow issues
Windows Server 2019: KB4516077, KB4524148
Windows Server 2016: KB4516061, KB4524152
Windows Server 2012 R2: KB4516041, KB4524156
in the classic ASP application on several workflow cases are occurring jscript Unexpected errors in server side:
Active Server Pages error 'ASP 0115'
A trappable error (C0000005) occurred in an external object. The script cannot continue running
Active Server Pages error 'ASP 0240'
A ScriptEngine threw exception 'C0000005' in 'IActiveScript::Close()' from 'CActiveScriptEngine::FinalRelease()'.
Patch
A remote code execution vulnerability exists in the way that the
scripting engine handles objects in memory in Internet Explorer, aka
'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is
unique from CVE-2019-1221.
https://www.cvedetails.com/cve/CVE-2019-1367/
A remote code execution vulnerability exists in the way that the
scripting engine handles objects in memory in Internet Explorer. The
vulnerability could corrupt memory in such a way that an attacker
could run arbitrary code in the context of the current user. An
attacker who successfully exploited the vulnerability could gain the
same user rights as the current user. In a web-based attack scenario,
an attacker could host a specially crafted website that is designed to
exploit the vulnerability through Internet Explorer and then convince
a user to view the website, for example, by sending an email. The
security update addresses the vulnerability by modifying how the
scripting engine handles objects in memory.
https://blog.qualys.com/laws-of-vulnerabilities/2019/09/24/microsoft-releases-out-of-band-security-updates
Patch is said to address issue in Memory management. Doesn't specify what exactly changes, what are the new limitations. But seems that it causes some side-effect failure cases.
Error nature
The errors cannot be handled by regular try-catch approach
The errors causes workflow interruptions
The exception seemingly happens only one time entering the specific workflow, and on repeated web-request for the same routine the code succeeds (Until App-pool restarted).
Sometimes exceptions is entering the workflow first, second or third time.
The exception only happens if IIS ASP Debugging Properties - Enable Server-side Debugging is set to False
Background
Verified that the issue is present on all tested Server instances with the patch. Also isolated the patch by checking the State before and after applying the patch (Server 2012 R2, Server 2016, Windows 10 - 1809)
From Classic ASP Server cannot handle the issue, with try-catch,
General error is returned - Script Error Message
Or if turned off (ASP - Send Errors To Browser) ASP error codes with page where they happen
Event Viewer also registers those errors, but without additional information
Global.asa doesn't offer global error handling, ASP Server object Server.GetLastError() doesn't catch the exception
Explored exceptions with
DebugDiag
Sysinternals Process Monitor
IIS - Failed Request Tracing
Environment
App-Pool: Classic pipeline mode, Enable 32-Bit Applications: True
Application: ASP
ClientL IE 11 Enterprise mode, with ActiveX enabled
Application pool identity is Impersonated in Web request calls
Issues, identified
1 In w3wp__V...__First chance exception 0XC0000005.dmp the assembly
instruction at msvcrt!memcpy+198 ###
in C:\Windows\System32\msvcrt.dll from Microsoft Corporation has caused an access
violation exception (0xC0000005) when trying to read from memory location 0x0000000a on thread 33
Instruction Address
Source
[0x7532a2d8] msvcrt!memcpy+198
[0x6ac17deb] jscript!AString::CopyToBuffer+4b
[0x6ac10524] jscript!AString::ConvertToBSTR+1bb74
[0x6abdf6b7] jscript!PrepareInvoke+277
[0x6abf52df] jscript!InvokeDispatch+8f
[0x6abe2f03] jscript!VAR::InvokeByDispID+523
[0x6abdbde0] jscript!NameTbl::InvokeInternal+270
[0x6abe2b17] jscript!VAR::InvokeByDispID+137
[0x6abe6083] jscript!CScriptRuntime::Run+2db3
...
Followed by - Microsoft Corporation has caused an access violation exception (0xC0000005) when trying to read from memory location 0x00000000
[0x6b7c2d77] jscript!VarStack::ScavengeRoots+27
[0x6b7c2b89] jscript!GcContext::CollectCore+79
[0x6b7c2af4] jscript!GcContext::Collect+1b
[0x6b7bca21] jscript!GcContext::ExhaustiveCollect+21
[0x6b7a604a] jscript!CSession::Close+18a
[0x6b7a32d9] jscript!COleScript::CloseInternal+13b
[0x6b7a2d36] jscript!COleScript::Close+16
[0x6b8a71ce] asp!CActiveScriptEngine::FinalRelease+1be
...
Not identified the exact line that causes the issue, the FailedRequestTrace last record is assigning string variable from Application Scope xml object attribute. (CurrentStatement return attrib.text)
Similar case - access violation exception (0xC0000005) when trying to read from memory location 0x00000000
[0x6b907e09] jscript!AString::CopyToBuffer+69
[0x6b900524] jscript!AString::ConvertToBSTR+1bb74
[0x6b8e49a7] jscript!VAR::ConvertASTRtoBSTR+13
[0x6b8c49e8] jscript!VAR::GetValue+58
[0x6b8e0f34] jscript!ConvertToString+58
[0x6b922fbf] jscript!JsString+4f
[0x6b8d92e6] jscript!NatFncObj::Call+e6
...
Followed by - access violation exception (0xC0000005) when trying to read from memory location 0x004e0049
[0x6b8e2d77] jscript!VarStack::ScavengeRoots+27
[0x6b8e2b89] jscript!GcContext::CollectCore+79
[0x6b8e2af4] jscript!GcContext::Collect+1b
[0x6b8dca21] jscript!GcContext::ExhaustiveCollect+21
[0x6b8c604a] jscript!CSession::Close+18a
[0x6b8c32d9] jscript!COleScript::CloseInternal+13b
[0x6b8c2d36] jscript!COleScript::Close+16
[0x6bfb71ce] asp!CActiveScriptEngine::FinalRelease+1be
...
2 In w3wp__...__Second_Chance_Exception_C0000005.dmp the assembly instruction at asp!CResponseBuffer::Write+3a
in \?\C:\Windows\System32\inetsrv\asp.dll from Microsoft Corporation has caused an access violation exception (0xC0000005) when trying to read from memory location 0x00000014 on thread 32
[0x6f042e88] asp!CResponseBuffer::Write+3a
[0x6f0452ea] asp!CResponse::WriteSz+4c
[0x6f02dd3b] asp!CErrInfo::LogErrortoBrowser+ff
[0x6f02d4c9] asp!CErrInfo::LogErrortoBrowserWrapper+d7
[0x6f02d047] asp!CErrInfo::LogError+e8
[0x6f02e241] asp!HandleError+116
[0x6f02f009] asp!HandleErrorMissingFilename+df
[0x6f04941b] asp!CActiveScriptEngine::Call+bb
[0x6f030eff] asp!CallScriptFunctionOfEngine+4d
[0x6f02f99f] asp!ExecuteRequest+173
[0x6f02f828] asp!Execute+23d
[0x6f035c6f] asp!CHitObj::ViperAsyncCallback+467
[0x6f05df53] asp!CViperAsyncRequest::OnCall+73
[0x6eefd325] comsvcs!CSTAActivityWork::STAActivityWorkHelper+45
[0x77098346] combase!EnterForCallback+16e [onecore\com\combase\dcomrem\crossctx.cxx # 2072 + 2] onecore\com\combase\dcomrem\crossctx.cxx # 2072 + 2
[0x7709816d] combase!SwitchForCallback+206 [onecore\com\combase\dcomrem\crossctx.cxx # 1694] onecore\com\combase\dcomrem\crossctx.cxx # 1694
[0x7709bae4] combase!PerformCallback+bc [onecore\com\combase\dcomrem\crossctx.cxx # 1573 + 16] onecore\com\combase\dcomrem\crossctx.cxx # 1573 + 16
[0x7709b7f9] combase!CObjectContext::InternalContextCallback+119 [onecore\com\combase\dcomrem\context.cxx # 4421 + 1a] onecore\com\combase\dcomrem\context.cxx # 4421 + 1a
[0x77198e66] combase!CObjectContext::DoCallback+26 [onecore\com\combase\dcomrem\context.cxx # 4254] onecore\com\combase\dcomrem\context.cxx # 4254
[0x6eefd015] comsvcs!CSTAActivityWork::DoWork+175
[0x6eeff0e0] comsvcs!CSTAThread::DoWork+26
[0x6eeff599] comsvcs!CSTAThread::ProcessQueueWork+48
[0x6eeff8dd] comsvcs!CSTAThread::WorkerLoop+13d
[0x76577e71] msvcrt!_callthreadstartex+25
[0x76577f31] msvcrt!_threadstartex+61
[0x765f0419] kernel32!BaseThreadInitThunk+19
[0x77d5662d] ntdll!__RtlUserThreadStart+2f
[0x77d565fd] ntdll!_RtlUserThreadStart+1b
...
Most likely comes from writing to log file
ioo_fso = Server.CreateObject("Scripting.FileSystemObject");
...
loo_file = loo_fso.OpenTextFile(ls_filename,8,true);
...
try {
loo_file.WriteLine("[" + str + "]")} catch (ee) {}
Proces-Monitor shows "SHARING VIOLATION" log records for w3wp.exe on accessing the log file
3 Also experienced ASP 0115 right after custom Server custom component creation
var pbkdf2;
try {
pbkdf2 = Server.CreateObject("Pbkdf2");
pbkdf2.hashPassword(ls_newpassword, 100000);
} catch (e) {
addToLogg("Login:CreateObject failed for Pbkdf2, " + e.description);
}
from FailedReqLogFiles logs, but not identified yet in DebugDiag
Questions
I know ASP Jscript is an old, out-phasing technology, but there should be plenty of Enterprise solution still out there, so could be someone else also runs into these issues.
I would expect the Jscript to fall in regular way, so that the error situation could be handled
Has someone else come upon similar situation?
What are the new restrictions on jscript code?
Are there ways to handle these fails in server-side, prior to returning response to client?
Maybe there is some ASP/jscript environment settings, memory management settings, Windows privileges, permissions that can potentially solve the issues?
Solution
As hinted by #Max (below) the last Microsoft KBs fixes the Jscript Workflow issues.
The only comment in KB that reflects jscript is
Addresses an issue with applications and printer drivers that utilize
the Windows JavaScript engine (jscript.dll) for processing print jobs.
So apparently the fix in common jscript handling
The summary of KBs that fix the issue
Server 2019 1809: KB4519338
Server 2019 1903: KB4517389
Server 2016: KB4519998
Server 2012 R2 : KB4520005
Server 2012: KB4520007
Server 2008 R2: KB4519976
Server 2008 (with SP2): KB4520002
Not required to uninstall previous KB updates.
See that previous monthly Rollup (October 3) is no longer present in Window Updates after installing the new one.
While I didn't manage to isolate the main "First chance exception 0xC0000005" from the Workflows:
After applying the October 8 KB the issue 0xC0000005 is no longer there in the previously failing Workflows
The isolated second chance exceptions are also not reproduced, see ntdl Access Violation case, Server Object Creation case
My isolated Regex samples with test data from the failing workflow didn't reproduce the Exception, so I cannot confirm that the regex use directly caused the issues
However VBScript proved not to be affected, as pointed out by #Lee
This appears to be an unfortunate issue in the basket, while fixing memory corruption creating a several ones.
We also experienced these same errors related to CVE-2019-1367 and classic ASP. We narrowed the scope of the errors to a few places we were using JScript instead of VBScript to do JSON conversions, then we narrowed it further to were we were using regex. We worked around the errors by rewriting the functionality that was in JScript code in VBScript.
I found this article that refers to CVE-2019-13670 with a very similar number and very similar wording: Google Chrome could allow a remote attacker to execute arbitrary code on the system, caused by a V8 memory corruption in regex..
CVE-2019-1367 is specific to Internet Explorer and updated C\Windows\system32\JScript.dll. From that, I'm guessing IE's javascript engine and classic ASP JScript engine are both handled by JScript.dll? Wild guess. CVE-2019-13670 is specific to Chrome (which I assume doesn't use JScript.dll), but it mentioned regex and we found our problems to be specific to regex usage in JScript.
My group is also experiencing these issues. Our entire legacy system is written in ASP
with JScript. The KB4522007 update was installed on 2019-09-25, at which point we noticed the errors. In addition to the error mentioned in the original post, we are experiencing other errors as well:
A trappable error (C0000005) occurred in an external object. The script cannot continue running.
The function returned |.
Function expected
Variable uses an Automation type not supported in JScript
Object doesn't support this property or method
These are all errors happening in unmodified files, and were never observed prior to the update. The errors are periodic, and not systematically reproducible...
Removing the KB4522007 updated caused the errors to go away.
it seems the latest updates from Microsoft fixes the problem.
I get following error message (after a long wait) in UFT when try to set value of an input field in a Java based desktop application. I checked in Object Repository and it shows correct field in UI of application.
Failed due to a lacking or broken API call inherited
I've updated HereMaps JavaScript from 2.2.4 to 2.5.3 and the map has stopped working on Chrome (version 31.0.1650.57 m). Firefox and IE work as before.
On the console I see the message many times
Coroutine 'nokia.maps.map.render.p2d.Engine#_renderCo' aborted abnormally with exception base.js:158
TypeError: Cannot read property 'body' of undefined
Does anyone have a hint of what might be wrong?
Thanks.
It is very difficult to answer your specific problem without seeing your code, but I am able to produce a similar error which may help you track down your issue.
If you are getting multiple error messages, then it is likely that the JavaScript library itself is calling something periodically. From the text of the error it likely that the library is running a Coroutine, which is usually used for threading within the application.
The error I can produce is in a callback - if I add an overlay to the map, and deliberately try to access a non-existent property within my code I can get:
Coroutine 'nokia.maps.map.render.p2d.Engine#_renderCo' aborted abnormally with exception base.js:158
TypeError: Cannot read property 'bar' of undefined
This was because I added a typo as follows:
I changed the reference from foo.something.bar in the callback to foo.does_not_exist.bar. So I guess somewhere in your callbacks you are referencing foo.something.body in your callback - it could be in a listener for example.
Another possibility, is that you are switching directly to Display.SATELLITE when you are creating the map - this is no longer allowed:
Taken from the News feed on developer.here.com:
Breaking changes with 2.5.3
The new rendering engine requires the map to be initialized
asynchronously. If you want to change the center, zoom level or the
base map type the API now requires the application to wait for the
"displayready" event to be fired. This event is only fired once.
Please refer to the developer's guide (section "Beyond the Basic Map Application
") for details.
I converted a standalone Flex app into a module. Now that it's a module, when I login (and call the backend services), I'm getting a security sandbox violation.
The login handler throws this fault String: 'Send Failed', with a more descriptive: 'Channel.Connect.Failed error NetConnection.Call.Failed: HTTP: Failed:url: 'http://myUrl:8080/AppManager/messagebroker/amf'.
Then the FB console throws an 'unhandled security sandbox violation error'.
Can converting an app into a module cause a sandbox violation?
Thanks for any helpful tips.
I'm making extensive use of modules and haven't run into this. There are memory issues I ran into that I had to fix by actually declaring an instance of the modules in the main modules...I didn't have to create an instance, just declare a variable to get the linkage right, then have all the other modules compile against that main module. Memory errors went away, and all the other modules were much smaller too.