lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <5350f48b-3975-634e-4a2a-b42d4956cc6d@vulnerability-lab.com>
Date: Tue, 16 May 2017 12:11:02 +0200
From: Vulnerability Lab <research@...nerability-lab.com>
To: fulldisclosure@...lists.org
Subject: [FD] Mozilla Firefox v52.02 - (Stack Overflow) DoS Vulnerability

Document Title:
===============
Mozilla Firefox v52.02 - (Stack Overflow) DoS Vulnerability 


References (Source):
====================
https://www.vulnerability-lab.com/get_content.php?id=2050


Release Date:
=============
2017-05-04


Vulnerability Laboratory ID (VL-ID):
====================================
2050


Common Vulnerability Scoring System:
====================================
3


Vulnerability Class:
====================
Denial of Service


Product & Service Introduction:
===============================
The Tor network is a group of volunteer-operated servers that allows people to improve their privacy and security on the Internet. Tor's users 
employ this network by connecting through a series of virtual tunnels rather than making a direct connection, thus allowing both organizations 
and individuals to share information over public networks without compromising their privacy. Along the same line, Tor is an effective censorship 
circumvention tool, allowing its users to reach otherwise blocked destinations or content. Tor can also be used as a building block for software 
developers to create new communication tools with built-in privacy features.

(Copy of the Vendor Homepage: https://www.torproject.org/about/overview)


Abstract Advisory Information:
==============================
The vulnerability laboratory core research team discovered a null pointer denial of service vulnerability in the Mozilla Firefox v52.02 & Tor Browser v6.5.1 for microsoft windows.



Vulnerability Disclosure Timeline:
==================================
2017-04-09: Researcher Notification & Coordination (SaifAllah benMassaoud)
2017-04-10: Vendor Notification (Mozilla Security Team)
2017-04-12: Vendor Response/Feedback (Mozilla Security Team)
2017-**-**: Vendor Fix/Patch (Mozilla Service Developer Team)
2017-05-04: Public Disclosure (Vulnerability Laboratory)


Discovery Status:
=================
Published


Affected Product(s):
====================
Tor Project
Product: Tor Browser - Software (Mozilla Firefox Engine) 6.5.1


Exploitation Technique:
=======================
Local


Severity Level:
===============
Medium


Technical Details & Description:
================================
A null pointer vulnerability has been discovered  in the Mozilla Firefox v52.02 & Tor Browser v6.5.1 for microsoft windows.
The vulnerability allows to crash the software application with an unexpected error exception.

The software vulnerability is located in the xml document parser of the firefox engine in the tor browser. 
The issue could corrupt memory in such a way that remote attackers could crash affected versions permanently.
The crash occurs because of a provoked non-exploitable stack overflow issue. The issue is in connection to the design and template.

The security risk of the vulnerability is estimated as medium with a cvss (common vulnerability scoring system) count of 3.0. 
Exploitation of the denial of service web vulnerability requires low interaction and no privilege system user account. 
Successful exploitation of the application web vulnerability results in permanent application crashs or stable process shutdown.

Affected Version(s):
[+] Mozilla Firefox v52.02
[+] Stable Tor Browser - Microsoft Windows (6.5.1) 32/64-bit (sig)
[+] Experimental Tor Browser - Microsoft Windows (7.0a2) 32/64-bits (sig)


Proof of Concept (PoC):
=======================
The remote point vulnerability can be exploited by remote attackers without privilege application user account and with low user interaction.
For security demonstration or to reproduce the vulnerability follow the provided information and steps below to continue.


PoC: Exploit
https://www.vulnerability-lab.com/resources/documents/poc_2015.rar


--- Debug Error Exception Log ---
(c68.161c): Stack overflow - code c00000fd 
eax=00000001 ebx=23a7ab68 ecx=23a7ab68 edx=00000000 esi=23a7a938 edi=00000000
eip=02a0a811 esp=00202fb0 ebp=00000001 iopl=0         nv up ei pl nz na po nc
cs=001b  ss=0023  ds=0023  es=0023  fs=003b  gs=0000             efl=00210202
*** WARNING: Unable to verify timestamp for C:UsersdellDesktopTor BrowserBrowserxul.dll
*** ERROR: Symbol file could not be found.  Defaulted to export symbols for C:UsersdellDesktopTor BrowserBrowserxul.dll - 
xul!ZN9imgLoader24SupportImageWithMimeTypeEPKc17AcceptedMimeTypes+0xcd673:
02a0a811 89442438        mov     dword ptr [esp+38h],eax ss:0023:00202fe8=00000000


--- Debug Logs [Exception Analysis] ---
FAULTING_IP: 
xul!ZN9imgLoader24SupportImageWithMimeTypeEPKc17AcceptedMimeTypes+cda4f
02a0abed 83ec08          sub     esp,8
-
EXCEPTION_RECORD:  ffffffff -- (.exr ffffffffffffffff)
ExceptionAddress: 02a0a811 (xul!ZN9imgLoader24SupportImageWithMimeTypeEPKc17AcceptedMimeTypes+0x000cd673)
   ExceptionCode: c00000fd (Stack overflow)
  ExceptionFlags: 00000000
NumberParameters: 2
   Parameter[0]: 00000001
   Parameter[1]: 00202fe8
FAULTING_THREAD:  0000161c
BUGCHECK_STR:  c00000fd
PROCESS_NAME:  image01350000
MODULE_NAME: xul
FAULTING_MODULE: 77210000 ntdll
DEBUG_FLR_IMAGE_TIMESTAMP:  0
ERROR_CODE: (NTSTATUS) 0xc00000fd - A new guard page for the stack cannot be created.
DEFAULT_BUCKET_ID:  WRONG_SYMBOLS
RECURRING_STACK: From frames 0x1 to 0x1
LAST_CONTROL_TRANSFER:  from 02a0abed to 02a0a811
-
STACK_TEXT:  
WARNING: Stack unwind information not available. Following frames may be wrong.
00203018 02a0abed 00000001 00000000 00000000 xul!ZN9imgLoader24SupportImageWithMimeTypeEPKc17AcceptedMimeTypes+0xcd673
00203088 02a0abed 00000001 00000000 00000000 xul!ZN9imgLoader24SupportImageWithMimeTypeEPKc17AcceptedMimeTypes+0xcda4f
002030f8 02a0abed 00000001 00000000 00000000 xul!ZN9imgLoader24SupportImageWithMimeTypeEPKc17AcceptedMimeTypes+0xcda4f
00203168 02a0abed 00000001 00000000 00000000 xul!ZN9imgLoader24SupportImageWithMimeTypeEPKc17AcceptedMimeTypes+0xcda4f
002031d8 02a0abed 00000001 00000000 00000000 xul!ZN9imgLoader24SupportImageWithMimeTypeEPKc17AcceptedMimeTypes+0xcda4f
00203248 02a0abed 00000001 00000000 00000000 xul!ZN9imgLoader24SupportImageWithMimeTypeEPKc17AcceptedMimeTypes+0xcda4f
002032b8 02a0abed 00000001 00000000 00000000 xul!ZN9imgLoader24SupportImageWithMimeTypeEPKc17AcceptedMimeTypes+0xcda4f
00203328 02a0abed 00000001 00000000 00000000 xul!ZN9imgLoader24SupportImageWithMimeTypeEPKc17AcceptedMimeTypes+0xcda4f
00203398 02a0abed 00000001 00000000 00000000 xul!ZN9imgLoader24SupportImageWithMimeTypeEPKc17AcceptedMimeTypes+0xcda4f
00203408 02a0abed 00000001 00000000 00000000 xul!ZN9imgLoader24SupportImageWithMimeTypeEPKc17AcceptedMimeTypes+0xcda4f
00203478 02a0abed 00000001 00000000 00000000 xul!ZN9imgLoader24SupportImageWithMimeTypeEPKc17AcceptedMimeTypes+0xcda4f
002034e8 02a0abed 00000001 00000000 00000000 xul!ZN9imgLoader24SupportImageWithMimeTypeEPKc17AcceptedMimeTypes+0xcda4f
00203558 02a0abed 00000001 00000000 00000000 xul!ZN9imgLoader24SupportImageWithMimeTypeEPKc17AcceptedMimeTypes+0xcda4f
002035c8 02a0abed 00000001 00000000 00000000 xul!ZN9imgLoader24SupportImageWithMimeTypeEPKc17AcceptedMimeTypes+0xcda4f
00203638 02a0abed 00000001 00000000 00000000 xul!ZN9imgLoader24SupportImageWithMimeTypeEPKc17AcceptedMimeTypes+0xcda4f
002036a8 02a0abed 00000001 00000000 00000000 xul!ZN9imgLoader24SupportImageWithMimeTypeEPKc17AcceptedMimeTypes+0xcda4f
00203718 02a0abed 00000001 00000000 00000000 xul!ZN9imgLoader24SupportImageWithMimeTypeEPKc17AcceptedMimeTypes+0xcda4f
00203788 02a0abed 00000001 00000000 00000000 xul!ZN9imgLoader24SupportImageWithMimeTypeEPKc17AcceptedMimeTypes+0xcda4f
002037f8 02a0abed 00000001 00000000 00000000 xul!ZN9imgLoader24SupportImageWithMimeTypeEPKc17AcceptedMimeTypes+0xcda4f
00203868 02a0abed 00000001 00000000 00000000 xul!ZN9imgLoader24SupportImageWithMimeTypeEPKc17AcceptedMimeTypes+0xcda4f
002038d8 02a0abed 00000001 00000000 00000000 xul!ZN9imgLoader24SupportImageWithMimeTypeEPKc17AcceptedMimeTypes+0xcda4f
00203948 02a0abed 00000001 00000000 00000000 xul!ZN9imgLoader24SupportImageWithMimeTypeEPKc17AcceptedMimeTypes+0xcda4f
002039b8 02a0abed 00000001 00000000 00000000 xul!ZN9imgLoader24SupportImageWithMimeTypeEPKc17AcceptedMimeTypes+0xcda4f
00203a28 02a0abed 00000001 00000000 00000000 xul!ZN9imgLoader24SupportImageWithMimeTypeEPKc17AcceptedMimeTypes+0xcda4f
00203a98 02a0abed 00000001 00000000 00000000 xul!ZN9imgLoader24SupportImageWithMimeTypeEPKc17AcceptedMimeTypes+0xcda4f
00203b08 02a0abed 00000001 00000000 00000000 xul!ZN9imgLoader24SupportImageWithMimeTypeEPKc17AcceptedMimeTypes+0xcda4f
00203b78 02a0abed 00000001 00000000 00000000 xul!ZN9imgLoader24SupportImageWithMimeTypeEPKc17AcceptedMimeTypes+0xcda4f
00203be8 02a0abed 00000001 00000000 00000000 xul!ZN9imgLoader24SupportImageWithMimeTypeEPKc17AcceptedMimeTypes+0xcda4f
00203c58 02a0abed 00000001 00000000 00000000 xul!ZN9imgLoader24SupportImageWithMimeTypeEPKc17AcceptedMimeTypes+0xcda4f
00203cc8 02a0abed 00000001 00000000 00000000 xul!ZN9imgLoader24SupportImageWithMimeTypeEPKc17AcceptedMimeTypes+0xcda4f
00203d38 02a0abed 00000001 00000000 00000000 xul!ZN9imgLoader24SupportImageWithMimeTypeEPKc17AcceptedMimeTypes+0xcda4f
00203da8 02a0abed 00000001 00000000 00000000 xul!ZN9imgLoader24SupportImageWithMimeTypeEPKc17AcceptedMimeTypes+0xcda4f
00203e18 02a0abed 00000001 00000000 00000000 xul!ZN9imgLoader24SupportImageWithMimeTypeEPKc17AcceptedMimeTypes+0xcda4f
00203e88 02a0abed 00000001 00000000 00000000 xul!ZN9imgLoader24SupportImageWithMimeTypeEPKc17AcceptedMimeTypes+0xcda4f
00203ef8 02a0abed 00000001 00000000 00000000 xul!ZN9imgLoader24SupportImageWithMimeTypeEPKc17AcceptedMimeTypes+0xcda4f
00203f68 02a0abed 00000001 00000000 00000000 xul!ZN9imgLoader24SupportImageWithMimeTypeEPKc17AcceptedMimeTypes+0xcda4f
00203fd8 02a0abed 00000001 00000000 00000000 xul!ZN9imgLoader24SupportImageWithMimeTypeEPKc17AcceptedMimeTypes+0xcda4f
00204048 02a0abed 00000001 00000000 00000000 xul!ZN9imgLoader24SupportImageWithMimeTypeEPKc17AcceptedMimeTypes+0xcda4f
002040b8 02a0abed 00000001 00000000 00000000 xul!ZN9imgLoader24SupportImageWithMimeTypeEPKc17AcceptedMimeTypes+0xcda4f
00204128 02a0abed 00000001 00000000 00000000 xul!ZN9imgLoader24SupportImageWithMimeTypeEPKc17AcceptedMimeTypes+0xcda4f
00204198 02a0abed 00000001 00000000 00000000 xul!ZN9imgLoader24SupportImageWithMimeTypeEPKc17AcceptedMimeTypes+0xcda4f
00204208 02a0abed 00000001 00000000 00000000 xul!ZN9imgLoader24SupportImageWithMimeTypeEPKc17AcceptedMimeTypes+0xcda4f
00204278 02a0abed 00000001 00000000 00000000 xul!ZN9imgLoader24SupportImageWithMimeTypeEPKc17AcceptedMimeTypes+0xcda4f
002042e8 02a0abed 00000001 00000000 00000000 xul!ZN9imgLoader24SupportImageWithMimeTypeEPKc17AcceptedMimeTypes+0xcda4f
00204358 02a0abed 00000001 00000000 00000000 xul!ZN9imgLoader24SupportImageWithMimeTypeEPKc17AcceptedMimeTypes+0xcda4f
002043c8 02a0abed 00000001 00000000 00000000 xul!ZN9imgLoader24SupportImageWithMimeTypeEPKc17AcceptedMimeTypes+0xcda4f
00204438 02a0abed 00000001 00000000 00000000 xul!ZN9imgLoader24SupportImageWithMimeTypeEPKc17AcceptedMimeTypes+0xcda4f
002044a8 02a0abed 00000001 00000000 00000000 xul!ZN9imgLoader24SupportImageWithMimeTypeEPKc17AcceptedMimeTypes+0xcda4f
00204518 02a0abed 00000001 00000000 00000000 xul!ZN9imgLoader24SupportImageWithMimeTypeEPKc17AcceptedMimeTypes+0xcda4f
00204588 02a0abed 00000001 00000000 00000000 xul!ZN9imgLoader24SupportImageWithMimeTypeEPKc17AcceptedMimeTypes+0xcda4f
002045f8 02a0abed 00000001 00000000 00000000 xul!ZN9imgLoader24SupportImageWithMimeTypeEPKc17AcceptedMimeTypes+0xcda4f
00204668 02a0abed 00000001 00000000 00000000 xul!ZN9imgLoader24SupportImageWithMimeTypeEPKc17AcceptedMimeTypes+0xcda4f
002046d8 02a0abed 00000001 00000000 00000000 xul!ZN9imgLoader24SupportImageWithMimeTypeEPKc17AcceptedMimeTypes+0xcda4f
00204748 02a0abed 00000001 00000000 00000000 xul!ZN9imgLoader24SupportImageWithMimeTypeEPKc17AcceptedMimeTypes+0xcda4f
002047b8 02a0abed 00000001 00000000 00000000 xul!ZN9imgLoader24SupportImageWithMimeTypeEPKc17AcceptedMimeTypes+0xcda4f
00204828 02a0abed 00000001 00000000 00000000 xul!ZN9imgLoader24SupportImageWithMimeTypeEPKc17AcceptedMimeTypes+0xcda4f
00204898 02a0abed 00000001 00000000 00000000 xul!ZN9imgLoader24SupportImageWithMimeTypeEPKc17AcceptedMimeTypes+0xcda4f
00204908 02a0abed 00000001 00000000 00000000 xul!ZN9imgLoader24SupportImageWithMimeTypeEPKc17AcceptedMimeTypes+0xcda4f
00204978 02a0abed 00000001 00000000 00000000 xul!ZN9imgLoader24SupportImageWithMimeTypeEPKc17AcceptedMimeTypes+0xcda4f
002049e8 02a0abed 00000001 00000000 00000000 xul!ZN9imgLoader24SupportImageWithMimeTypeEPKc17AcceptedMimeTypes+0xcda4f
00204a58 02a0abed 00000001 00000000 00000000 xul!ZN9imgLoader24SupportImageWithMimeTypeEPKc17AcceptedMimeTypes+0xcda4f
00204ac8 02a0abed 00000001 00000000 00000000 xul!ZN9imgLoader24SupportImageWithMimeTypeEPKc17AcceptedMimeTypes+0xcda4f
00204b38 02a0abed 00000001 00000000 00000000 xul!ZN9imgLoader24SupportImageWithMimeTypeEPKc17AcceptedMimeTypes+0xcda4f
00204ba8 02a0abed 00000001 00000000 00000000 xul!ZN9imgLoader24SupportImageWithMimeTypeEPKc17AcceptedMimeTypes+0xcda4f
00204c18 02a0abed 00000001 00000000 00000000 xul!ZN9imgLoader24SupportImageWithMimeTypeEPKc17AcceptedMimeTypes+0xcda4f
00204c88 02a0abed 00000001 00000000 00000000 xul!ZN9imgLoader24SupportImageWithMimeTypeEPKc17AcceptedMimeTypes+0xcda4f
00204cf8 02a0abed 00000001 00000000 00000000 xul!ZN9imgLoader24SupportImageWithMimeTypeEPKc17AcceptedMimeTypes+0xcda4f
00204d68 02a0abed 00000001 00000000 00000000 xul!ZN9imgLoader24SupportImageWithMimeTypeEPKc17AcceptedMimeTypes+0xcda4f
00204dd8 02a0abed 00000001 00000000 00000000 xul!ZN9imgLoader24SupportImageWithMimeTypeEPKc17AcceptedMimeTypes+0xcda4f
00204e48 02a0abed 00000001 00000000 00000000 xul!ZN9imgLoader24SupportImageWithMimeTypeEPKc17AcceptedMimeTypes+0xcda4f
00204eb8 02a0abed 00000001 00000000 00000000 xul!ZN9imgLoader24SupportImageWithMimeTypeEPKc17AcceptedMimeTypes+0xcda4f
00204f28 02a0abed 00000001 00000000 00000000 xul!ZN9imgLoader24SupportImageWithMimeTypeEPKc17AcceptedMimeTypes+0xcda4f
00204f98 02a0abed 00000001 00000000 00000000 xul!ZN9imgLoader24SupportImageWithMimeTypeEPKc17AcceptedMimeTypes+0xcda4f
00205008 02a0abed 00000001 00000000 00000000 xul!ZN9imgLoader24SupportImageWithMimeTypeEPKc17AcceptedMimeTypes+0xcda4f
00205078 02a0abed 00000001 00000000 00000000 xul!ZN9imgLoader24SupportImageWithMimeTypeEPKc17AcceptedMimeTypes+0xcda4f
-
FOLLOWUP_IP: 
xul!ZN9imgLoader24SupportImageWithMimeTypeEPKc17AcceptedMimeTypes+cda4f
02a0abed 83ec08          sub     esp,8
SYMBOL_STACK_INDEX:  1
SYMBOL_NAME:  xul!ZN9imgLoader24SupportImageWithMimeTypeEPKc17AcceptedMimeTypes+cda4f
FOLLOWUP_NAME:  MachineOwner
IMAGE_NAME:  xul.dll
STACK_COMMAND:  ~0s ; kb
BUCKET_ID:  WRONG_SYMBOLS
Followup: MachineOwner
---------
0:000> lmvm xul
start    end        module name
01fb0000 063cd000   xul      T (export symbols)       C:UsersdellDesktopTor BrowserBrowserxul.dll
    Loaded symbol image file: C:UsersdellDesktopTor BrowserBrowserxul.dll
    Image path: C:UsersdellDesktopTor BrowserBrowserxul.dll
    Image name: xul.dll
    Timestamp:        unavailable (00000000)
    CheckSum:         043E4461
    ImageSize:        0441D000
    File version:     45.8.0.6241
    Product version:  45.8.0.6241
    File flags:       8 (Mask 3F) Private
    File OS:          4 Unknown Win32
    File type:        2.0 Dll
    File date:        00000000.00000000
    Translations:     0000.04b0
    CompanyName:      Mozilla Foundation
    ProductName:      Tor Browser
    InternalName:     
    OriginalFilename: xul.dll
    ProductVersion:   45.8.0
    FileVersion:      45.8.0
    FileDescription:  
    LegalCopyright:   License: MPL 2
    LegalTrademarks:  Mozilla
    Comments:         
0:000> lmvm ntdll
start    end        module name
77210000 7734c000   ntdll      (export symbols)       C:WindowsSYSTEM32ntdll.dll
    Loaded symbol image file: C:WindowsSYSTEM32ntdll.dll
    Image path: ntdll.dll
    Image name: ntdll.dll
    Timestamp:        Mon Jul 13 18:09:47 2009 (4A5BDADB)
    CheckSum:         0014033F
    ImageSize:        0013C000
    File version:     6.1.7600.16385
    Product version:  6.1.7600.16385
    File flags:       0 (Mask 3F)
    File OS:          40004 NT Win32
    File type:        2.0 Dll
    File date:        00000000.00000000
    Translations:     0409.04b0
    CompanyName:      Microsoft Corporation
    ProductName:      Microsoft® Windows® Operating System
    InternalName:     ntdll.dll
    OriginalFilename: ntdll.dll
    ProductVersion:   6.1.7600.16385
    FileVersion:      6.1.7600.16385 (win7_rtm.090713-1255)
    FileDescription:  NT Layer DLL
    LegalCopyright:   © Microsoft Corporation. All rights reserved.


--- Erro Report Log ---
Version=1
EventType=APPCRASH
EventTime=131359951583902806
ReportType=2
Consent=1
ReportIdentifier=517d3ecb-1b21-11e7-ab35-005056c00008
IntegratorReportIdentifier=517d3eca-1b21-11e7-ab35-005056c00008
Response.type=4
Sig[0].Name=Application Name
Sig[0].Value=firefox.exe
Sig[1].Name=Application Version
Sig[1].Value=45.8.0.6241
Sig[2].Name=Application Timestamp
Sig[2].Value=00000000
Sig[3].Name=Fault Module Name
Sig[3].Value=xul.dll
Sig[4].Name=Fault Module Version
Sig[4].Value=45.8.0.6241
Sig[5].Name=Fault Module Timestamp
Sig[5].Value=00000000
Sig[6].Name=Exception Code
Sig[6].Value=c00000fd
Sig[7].Name=Exception Offset
Sig[7].Value=00a5a819
DynamicSig[1].Name=OS Version
DynamicSig[1].Value=6.1.7600.2.0.0.256.1
DynamicSig[2].Name=Locale ID
DynamicSig[2].Value=1033
DynamicSig[22].Name=Additional Information 1
DynamicSig[22].Value=e5b7
DynamicSig[23].Name=Additional Information 2
DynamicSig[23].Value=e5b7e7b1ec7347f7a70dede1494dfb88
DynamicSig[24].Name=Additional Information 3
DynamicSig[24].Value=70b7
DynamicSig[25].Name=Additional Information 4
DynamicSig[25].Value=70b79d596cf0335109475db3ac4baee8
UI[2]=C:UsersdellDesktopTor BrowserBrowserfirefox.exe
UI[3]=Tor Browser has stopped working
UI[4]=Windows can check online for a solution to the problem.
UI[5]=Check online for a solution and close the program
UI[6]=Check online for a solution later and close the program
UI[7]=Close the program
LoadedModule[0]=C:UsersdellDesktopTor BrowserBrowserfirefox.exe
... ... ...
LoadedModule[95]=C:Windowssystem32ntmarta.dll
LoadedModule[96]=C:Windowssystem32WLDAP32.dll
FriendlyEventName=Stopped working
ConsentKey=APPCRASH
AppName=Tor Browser
AppPath=C:UsersdellDesktopTor BrowserBrowserfirefox.exe



 --- Event Logs Application Crash ---
Problem Event Name: APPCRASH
Application Name: firefox.exe
Application Version: 45.8.0.6241
Application Timestamp: 00000000
Fault Module Name: xul.dll
Fault Module Version: 45.8.0.6241
Fault Module Timestamp:	00000000
Exception Code:	c00000fd
Exception Offset: 00a5a811
OS Version: 6.1.7600.2.0.0.256.1
Locale ID: 1033
Additional Information 1: a460
Additional Information 2: a4607e0fb6d61108ec72f324260bba98
Additional Information 3: 82d2
Additional Information 4: 82d2460400e752ab0685a263d9ca571b


Security Risk:
==============
The security risk of the local point issue and denial of service vulnerability in the tor software is estimated as medium. (CVSS 3.0)


Credits & Authors:
==================
Vulnerability Laboratory [Research Team] - SaifAllah benMassaoud (https://twitter.com/benmassaou) - (http://www.vulnerability-lab.com/show.php?user=SaifAllahbenMassaoud ) 


Disclaimer & Information:
=========================
The information provided in this advisory is provided as it is without any warranty. Vulnerability Lab disclaims all warranties, either expressed or 
implied, including the warranties of merchantability and capability for a particular purpose. Vulnerability-Lab or its suppliers are not liable in any 
case of damage, including direct, indirect, incidental, consequential loss of business profits or special damages, even if Vulnerability Labs or its 
suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability mainly for incidental
or consequential damages so the foregoing limitation may not apply. We do not approve or encourage anybody to break any licenses, policies, deface 
websites, hack into databases or trade with stolen data. We have no need for criminal activities or membership requests. We do not publish advisories 
or vulnerabilities of religious-, militant- and racist- hacker/analyst/researcher groups or individuals. We do not publish trade researcher mails, 
phone numbers, conversations or anything else to journalists, investigative authorities or private individuals. 

Domains:    www.vulnerability-lab.com		- www.vulnerability-db.com					- www.evolution-sec.com
Programs:   vulnerability-lab.com/submit.php 	- vulnerability-lab.com/list-of-bug-bounty-programs.php 	- vulnerability-lab.com/register.php
Feeds:	    vulnerability-lab.com/rss/rss.php 	- vulnerability-lab.com/rss/rss_upcoming.php 			- vulnerability-lab.com/rss/rss_news.php
Social:	    twitter.com/vuln_lab		- facebook.com/VulnerabilityLab 				- youtube.com/user/vulnerability0lab

Any modified copy or reproduction, including partially usages, of this file, resources or information requires authorization from Vulnerability Laboratory. 
Permission to electronically redistribute this alert in its unmodified form is granted. All other rights, including the use of other media, are reserved by 
Vulnerability Lab Research Team or its suppliers. All pictures, texts, advisories, source code, videos and other information on this website is trademark 
of vulnerability-lab team & the specific authors or managers. To record, list, modify, use or edit our material contact (admin@) to get an ask permission.

				    Copyright © 2017 | Vulnerability Laboratory - [Evolution Security GmbH]™




-- 
VULNERABILITY LABORATORY - RESEARCH TEAM
SERVICE: www.vulnerability-lab.com



_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ