Home / vulnerabilities Windows Diagnostic Troubleshooting Wizard Buffer Overflow
Posted on 18 March 2015
Source : packetstormsecurity.org Link
Multiple Buffer Overflows in Diagnostic Troubleshooting Wizard
Researcher: Nicholas Prowse
Filename: msdt.exe
MD5: (coming soon)
File size: 1024000 bytes Operating System: Windows 8.0
OS Version: Pro
Architecture: x64
Description field in Procmon: Buffer Overflow
Operations (FileSystem Activity):
- QuerySecurityFile
- QueryAllInformationFile
Paths:
- C:WindowsSystem32msdt.exe
- C:WindowsSystem32catroot{F750E6C3-38EE-11D1-85E5-00C04FC295EE}Microsoft-Windows-Client-Features-Package-net~(..longstring..)~amd64~~6.2.9200.16384.cat
- C:Users(username)AppDataLocalDiagnostics460911090
Proof-of-concept or exploit code: None available
Impact: Not yet known
Steps to reproduce:Install Windows 8.0 x64 from disk. Once installed started capture with Procmon v3.1. Started Diagnostic Troubleshooting Wizard. Mulitple entries with "Buffer overflow" visible in Process Monitor capture.
Further info:Pml file of capture is available for further investigation including possible Stack Trace.
Timeline:
The issue has been made publicly available on 11/03/2015 on www.nicholasprowse.co.uk/vulnerability-research.html
Emailed MS on 12/03/2015.Received email from MSRC on 12/03/2015 opening case.
