(154.1738): Security check failure or stack buffer overrun - code c0000409 (!!! second chance !!!)
eax=00000000 ebx=00000000 ecx=0000000a edx=70862ba0 esi=70862ba0 edi=70862ba0
eip=77b4eab0 esp=04ffa204 ebp=04ffa230 iopl=0         nv up ei pl zr na pe nc
cs=0023  ss=002b  ds=002b  es=002b  fs=0053  gs=002b             efl=00000246
ntdll!RtlFailFast2:
77b4eab0 cd29            int     29h

0:002> r
eax=00000000 ebx=00000000 ecx=0000000a edx=70862ba0 esi=70862ba0 edi=70862ba0
eip=77b4eab0 esp=04ffa204 ebp=04ffa230 iopl=0         nv up ei pl zr na pe nc
cs=0023  ss=002b  ds=002b  es=002b  fs=0053  gs=002b             efl=00000246
ntdll!RtlFailFast2:
77b4eab0 cd29            int     29h

0:002> k
 # ChildEBP RetAddr  
00 04ffa200 77ba6469 ntdll!RtlFailFast2
01 04ffa230 77b4e9d1 ntdll!RtlpHandleInvalidUserCallTarget+0x95
02 04ffa2b8 74bed123 ntdll!LdrpValidateUserCallTargetBitMapRet+0x44
03 04ffa2f0 73181102 OLEAUT32!VariantClear+0x223
04 04ffa304 6f8d9912 IEShims!NS_ATLMitigation::APIHook_VariantClear+0x32
05 04ffa360 6f8e01fa vbscript!AssignVar+0x5e2
06 04ffa55c 6f8d9f97 vbscript!CScriptRuntime::RunNoEH+0x563a
07 04ffa5ac 6f8d92f5 vbscript!CScriptRuntime::Run+0xc7
08 04ffa6bc 6f8d4803 vbscript!CScriptEntryPoint::Call+0xe5
09 04ffa748 6f8d3803 vbscript!CSession::Execute+0x443
0a 04ffa7e4 7206bdc9 vbscript!NameTbl::InvokeEx+0x883
0b 04ffa828 722c2aeb MSHTML!CScriptCollection::InvokeEx+0xc5
0c 04ffc898 723d647d MSHTML!CWindow::InvokeEx+0x2bb
0d 04ffc8cc 723d62b7 MSHTML!CBase::VersionedInvokeEx+0xfd
0e 04ffc910 723d672f MSHTML!CBase::PrivateInvokeEx+0x87
0f 04ffc984 723d640b MSHTML!COmWindowProxy::InvokeEx+0x25f
10 04ffc9b8 723d62b7 MSHTML!CBase::VersionedInvokeEx+0x8b
11 04ffc9fc 708ecf92 MSHTML!CBase::PrivateInvokeEx+0x87
12 04ffca80 723d61e0 jscript9!JavascriptDispatch::InvokeEx+0x2c2
13 04ffcab8 723d672f MSHTML!CBase::varInvokeEx+0xd0
14 04ffcb2c 723d640b MSHTML!COmWindowProxy::InvokeEx+0x25f
15 04ffcb60 722728bb MSHTML!CBase::VersionedInvokeEx+0x8b
16 04ffcc10 709ce838 MSHTML!CJScript9Holder::Trampoline_DispatchMethod+0x22b
17 04ffcc48 709ce7a2 jscript9!Js::JavascriptFunction::CallFunction<0>+0x69
18 04ffcc90 7091613d jscript9!Js::ExternalType::ExternalEntryThunk+0x92
19 04ffced8 708f6ad5 jscript9!Js::InterpreterStackFrame::Process+0x81d
1a 04ffcfdc 060d0019 jscript9!Js::InterpreterStackFrame::InterpreterThunk<1>+0x205
WARNING: Frame IP not in any known module. Following frames may be wrong.
1b 04ffcfe8 709ca253 0x60d0019
1c 04ffd02c 7095e44f jscript9!Js::JavascriptFunction::CallFunction<1>+0x93
1d 04ffd0a0 7095e315 jscript9!Js::JavascriptFunction::CallRootFunctionInternal+0xb5
1e 04ffd0f8 709ac863 jscript9!Js::JavascriptFunction::CallRootFunction+0x4d
1f 04ffd140 708eb0da jscript9!ScriptSite::CallRootFunction+0x42
20 04ffd17c 708ea23d jscript9!ScriptSite::Execute+0xcc
21 04ffd1d8 7247ec1d jscript9!ScriptEngineBase::Execute+0x9d
22 04ffd208 7230bfc6 MSHTML!CJScript9Holder::ExecuteCallback+0x3d
23 04ffd250 722bedb7 MSHTML!CScriptTimers::ExecuteTimer+0x24f
24 04ffd2c0 722bea3f MSHTML!CWindow::FireTimeOut+0x1a7
25 04ffd310 722bcd20 MSHTML!CPaintBeat::ProcessTimers+0x1bf
26 04ffd344 722b980e MSHTML!CPaintBeat::OnBeat+0x200
27 04ffd370 723cac23 MSHTML!CPaintBeat::OnVSyncMethodCall+0x7e
28 04ffd3fc 723cb39f MSHTML!GlobalWndOnPaintPriorityMethodCall+0x1c3
29 04ffd448 74cabe6b MSHTML!GlobalWndProc+0xef
2a 04ffd474 74ca833a USER32!_InternalCallWinProc+0x2b
2b 04ffd55c 74ca7eda USER32!UserCallWinProcCheckWow+0x3aa
2c 04ffd5c0 74caa629 USER32!DispatchClientMessage+0xea
2d 04ffd600 77b3c6cd USER32!__fnDWORD+0x49
2e 04ffd638 75472e3c ntdll!KiUserCallbackDispatcher+0x4d
2f 04ffd63c 74ca7cfa win32u!NtUserDispatchMessage+0xc
30 04ffd6a0 74ca79d0 USER32!DispatchMessageWorker+0x31a
31 04ffd6ac 7365485f USER32!DispatchMessageW+0x10
32 04fff83c 73653e60 IEFRAME!CTabWindow::_TabWindowThreadProc+0x46f
33 04fff8fc 7407b61c IEFRAME!LCIETab_ThreadProc+0x410
34 04fff914 7318156d msIso!_IsoThreadProc_WrapperToReleaseScope+0x1c
35 04fff94c 74e48484 IEShims!NS_CreateThread::AutomationIE_ThreadProc+0x8d
36 04fff960 77b3305a KERNEL32!BaseThreadInitThunk+0x24
37 04fff9a8 77b3302a ntdll!__RtlUserThreadStart+0x2f
38 04fff9b8 00000000 ntdll!_RtlUserThreadStart+0x1b
