what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New

Windows Diagnostic Troubleshooting Wizard Buffer Overflow

Windows Diagnostic Troubleshooting Wizard Buffer Overflow
Posted Mar 17, 2015
Authored by Nick Prowse

Microsoft Windows Diagnostic Troubleshooting Wizard suffers from buffer overflow vulnerabilities.

tags | advisory, overflow, vulnerability
systems | windows
SHA-256 | 4cece5e320932e7702b7eabfa2aaeb0ad115b1cfa29142b0be78a1372ac31ad7

Windows Diagnostic Troubleshooting Wizard Buffer Overflow

Change Mirror Download
Multiple Buffer Overflows in Diagnostic Troubleshooting Wizard
Researcher: Nicholas Prowse
Filename:     msdt.exe
MD5:   (coming soon)
File size:  1024000 bytes Operating System:     Windows 8.0
OS Version:     Pro
Architecture:     x64
Description field in Procmon: Buffer Overflow
Operations (FileSystem Activity):
- QuerySecurityFile
- QueryAllInformationFile
Paths:
- C:\Windows\System32\msdt.exe
- C:\Windows\System32\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package-net~(..longstring..)~amd64~~6.2.9200.16384.cat
- C:\Users\(username)\AppData\Local\Diagnostics\460911090
Proof-of-concept or exploit code:     None available
Impact:     Not yet known
Steps to reproduce:Install Windows 8.0 x64 from disk. Once installed started capture with Procmon v3.1. Started Diagnostic Troubleshooting Wizard. Mulitple entries with "Buffer overflow" visible in Process Monitor capture.

Further info:Pml file of capture is available for further investigation including possible Stack Trace.
Timeline:
The issue has been made publicly available on 11/03/2015 on www.nicholasprowse.co.uk/vulnerability-research.html
Emailed MS on 12/03/2015.Received email from MSRC on 12/03/2015 opening case.

Login or Register to add favorites

File Archive:

September 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Sep 1st
    261 Files
  • 2
    Sep 2nd
    17 Files
  • 3
    Sep 3rd
    38 Files
  • 4
    Sep 4th
    52 Files
  • 5
    Sep 5th
    23 Files
  • 6
    Sep 6th
    27 Files
  • 7
    Sep 7th
    0 Files
  • 8
    Sep 8th
    1 Files
  • 9
    Sep 9th
    16 Files
  • 10
    Sep 10th
    38 Files
  • 11
    Sep 11th
    21 Files
  • 12
    Sep 12th
    40 Files
  • 13
    Sep 13th
    18 Files
  • 14
    Sep 14th
    0 Files
  • 15
    Sep 15th
    0 Files
  • 16
    Sep 16th
    21 Files
  • 17
    Sep 17th
    51 Files
  • 18
    Sep 18th
    23 Files
  • 19
    Sep 19th
    48 Files
  • 20
    Sep 20th
    36 Files
  • 21
    Sep 21st
    0 Files
  • 22
    Sep 22nd
    0 Files
  • 23
    Sep 23rd
    0 Files
  • 24
    Sep 24th
    0 Files
  • 25
    Sep 25th
    0 Files
  • 26
    Sep 26th
    0 Files
  • 27
    Sep 27th
    0 Files
  • 28
    Sep 28th
    0 Files
  • 29
    Sep 29th
    0 Files
  • 30
    Sep 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close