[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[FD] Multiple Buffer Overflows in Diagnostic Troubleshooting Wizard - msdt.exe - Win 8.0 Pro - x64



Multiple Buffer Overflows in Diagnostic Troubleshooting Wizard
Researcher: Nicholas Prowse
Filename:     msdt.exe
 MD5:   (coming soon)
File size:  1024000 bytes Operating System:     Windows 8.0
 OS Version:     Pro
 Architecture:     x64
 Description field in Procmon: Buffer Overflow
Operations (FileSystem Activity):    
   - QuerySecurityFile
   - QueryAllInformationFile
 Paths:    
   - C:\Windows\System32\msdt.exe
   - 
C:\Windows\System32\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package-net~(..longstring..)~amd64~~6.2.9200.16384.cat
   - C:\Users\(username)\AppData\Local\Diagnostics\460911090
Proof-of-concept or exploit code:     None availableImpact:     Not yet known
Steps to reproduce:Install Windows 8.0 x64 from disk. Once installed started 
capture with Procmon v3.1. Started Diagnostic Troubleshooting Wizard. Mulitple 
entries with "Buffer overflow" visible in Process Monitor capture.

Further info:Pml file of capture is available for further investigation 
including possible Stack Trace.
Timeline:
The issue has been made publicly available on 11/03/2015 on 
www.nicholasprowse.co.uk/vulnerability-research.htmlEmailed MS on 
12/03/2015.Received email from MSRC on 12/03/2015 opening case.



_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/