Full Disclosure mailing list archives

Previous By Date Next
Previous By Thread Next

Multiple Buffer Overflows in Diagnostic Troubleshooting Wizard - msdt.exe - Win 8.0 Pro - x64

From: Nick Prowse <nick_prowse34 () yahoo co uk>
Date: Sun, 15 Mar 2015 14:40:59 +0000 (UTC)
Multiple Buffer Overflows in Diagnostic Troubleshooting Wizard
Researcher: Nicholas Prowse
Filename:     msdt.exe
 MD5:   (coming soon)
File size:  1024000 bytes Operating System:     Windows 8.0
 OS Version:     Pro
 Architecture:     x64
 Description field in Procmon: Buffer Overflow
Operations (FileSystem Activity):    
   - QuerySecurityFile
   - QueryAllInformationFile
 Paths:    
   - C:\Windows\System32\msdt.exe
   - 
C:\Windows\System32\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package-net~(..longstring..)~amd64~~6.2.9200.16384.cat
   - C:\Users\(username)\AppData\Local\Diagnostics\460911090
Proof-of-concept or exploit code:     None availableImpact:     Not yet known
Steps to reproduce:Install Windows 8.0 x64 from disk. Once installed started capture with Procmon v3.1. Started 
Diagnostic Troubleshooting Wizard. Mulitple entries with "Buffer overflow" visible in Process Monitor capture.

Further info:Pml file of capture is available for further investigation including possible Stack Trace.
Timeline:
The issue has been made publicly available on 11/03/2015 on www.nicholasprowse.co.uk/vulnerability-research.htmlEmailed 
MS on 12/03/2015.Received email from MSRC on 12/03/2015 opening case.



_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/
Previous By Date Next
Previous By Thread Next

Current thread: