lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Date: Sun, 15 Mar 2015 13:35:16 +0000 (UTC)
From: Nick Prowse <nick_prowse34@...oo.co.uk>
To: "Full Disclosure. Mailing list" <fulldisclosure@...lists.org>
Subject: [FD] Multiple Buffer Overflows in .NetFramework v4.03 - Win 8.0 Pro
 - x64

Multiple Buffer Overflows in .NetFramework v4.03
Researcher: Nicholas Prowse
 Filename: ngen.exe
 MD5: ca72696a9861f14cf76f1637b8e6bc44File size: 139264 bytes
 Operating System: Windows 8.0
 OS Version: Pro
 Architecture: x64
 Description: MS Common Language Runtime Native Compiler
 Image Path: C:\Windows\.Microsoft.NET\Frameworkv4.0.30319\ngen.exe
 Operations (Registry Activity): RegQueryValue and RegEnumKey
 Registry Keys referenced:    
   - HKLM\SOFTWARE\Wow3264Node\Microsoft\.NetFramework\v2.0.50727\NGenService\Roots and its Subkeys
   - HKLM\SOFTWARE\Microsoft\.NetFramework\v2.0.50727\NGenService\Roots and its SubKeys
   - HKU\.Default\Control Panel\Desktop\MuiCached\MachinePreferedUILanguages
Proof-of-concept or exploit code:     None availableImpact:     Not yet known
Steps to reproduce:Install Windows 8.0 x64 from disk. Once installed started capture with Procmon v3.1. Started Diagnostic Troubleshooting Wizard. Multiple entries with "Buffer overflow" visible in Process Monitor capture.

Further info:Pml file of capture is available for further investigation including possible Stack Trace.- The same .pml file contains Diagnostic Troubleshooting Wizard Buffer overflows that has been reported to Microsoft via email separately.

Timeline:
The issue has been made publicly available on 11/03/2015 on www.nicholasprowse.co.uk/vulnerability-research.htmlEmailed MS on 12/03/2015.Received email from MSRC on 12/03/2015 opening case.

_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ