NetFramework version 4.03 suffers from buffer overflow vulnerabilities.
b3060378025fd371ff54d57225de65a0e37ad829f6e3c1e608cf2af10bbab183
Multiple Buffer Overflows in .NetFramework v4.03
Researcher: Nicholas Prowse
Filename: ngen.exe
MD5: ca72696a9861f14cf76f1637b8e6bc44File size: 139264 bytes
Operating System: Windows 8.0
OS Version: Pro
Architecture: x64
Description: MS Common Language Runtime Native Compiler
Image Path: C:\Windows\.Microsoft.NET\Frameworkv4.0.30319\ngen.exe
Operations (Registry Activity): RegQueryValue and RegEnumKey
Registry Keys referenced:
- HKLM\SOFTWARE\Wow3264Node\Microsoft\.NetFramework\v2.0.50727\NGenService\Roots and its Subkeys
- HKLM\SOFTWARE\Microsoft\.NetFramework\v2.0.50727\NGenService\Roots and its SubKeys
- HKU\.Default\Control Panel\Desktop\MuiCached\MachinePreferedUILanguages
Proof-of-concept or exploit code: None available
Impact: Not yet known
Steps to reproduce:Install Windows 8.0 x64 from disk. Once installed started capture with Procmon v3.1. Started Diagnostic Troubleshooting Wizard. Multiple entries with "Buffer overflow" visible in Process Monitor capture.
Further info:Pml file of capture is available for further investigation including possible Stack Trace.- The same .pml file contains Diagnostic Troubleshooting Wizard Buffer overflows that has been reported to Microsoft via email separately.
Timeline:
The issue has been made publicly available on 11/03/2015 on www.nicholasprowse.co.uk/vulnerability-research.html
Emailed MS on 12/03/2015.Received email from MSRC on 12/03/2015 opening case.