| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <1383373495.8204855.1426430459300.JavaMail.yahoo@mail.yahoo.com>
Date: Sun, 15 Mar 2015 14:40:59 +0000 (UTC)
From: Nick Prowse <nick_prowse34@...oo.co.uk>
To: "Full Disclosure. Mailing list" <fulldisclosure@...lists.org>
Subject: [FD] Multiple Buffer Overflows in Diagnostic Troubleshooting Wizard
- msdt.exe - Win 8.0 Pro - x64
Multiple Buffer Overflows in Diagnostic Troubleshooting Wizard
Researcher: Nicholas Prowse
Filename: msdt.exe
MD5: (coming soon)
File size: 1024000 bytes Operating System: Windows 8.0
OS Version: Pro
Architecture: x64
Description field in Procmon: Buffer Overflow
Operations (FileSystem Activity):
- QuerySecurityFile
- QueryAllInformationFile
Paths:
- C:\Windows\System32\msdt.exe
- C:\Windows\System32\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package-net~(..longstring..)~amd64~~6.2.9200.16384.cat
- C:\Users\(username)\AppData\Local\Diagnostics\460911090
Proof-of-concept or exploit code: None availableImpact: Not yet known
Steps to reproduce:Install Windows 8.0 x64 from disk. Once installed started capture with Procmon v3.1. Started Diagnostic Troubleshooting Wizard. Mulitple entries with "Buffer overflow" visible in Process Monitor capture.
Further info:Pml file of capture is available for further investigation including possible Stack Trace.
Timeline:
The issue has been made publicly available on 11/03/2015 on www.nicholasprowse.co.uk/vulnerability-research.htmlEmailed MS on 12/03/2015.Received email from MSRC on 12/03/2015 opening case.
_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/
Powered by blists - more mailing lists