Thursday, 9 May 2019

Crashing Edraw Max

Below you will find a few details from just another fuzzing session. This time I tried Edraw Max (7.9.3). Here we go...
I tried version 7.9.3 installed on Windows 7 (x86):


You can grab the software here.

TL;DR - a pack of a few crashes FYI (all identified by msec.dll as 'exploitable')

#01 - Heap Corruption starting at ntdll!RtlpNtMakeTemporaryKey

---
eax=0023dee4 ebx=00000000 ecx=775207ed edx=0023dc81 esi=00370000 edi=00010003
eip=775c283b esp=0023ded4 ebp=0023df4c iopl=0         nv up ei pl zr na pe nc
cs=001b  ss=0023  ds=0023  es=0023  fs=003b  gs=0000             efl=00000246
ntdll!RtlpNtMakeTemporaryKey+0x1a77:
775c283b eb12            jmp     ntdll!RtlpNtMakeTemporaryKey+0x1a8b (775c284f)
---

#02 - Read Access Violation at the Instruction Pointer

---
eax=8b560c5d ebx=00000000 ecx=00090009 edx=76005300 esi=04691184 edi=00000790
eip=8b560c5d esp=0020e1c0 ebp=0020e254 iopl=0         nv up ei pl nz na pe nc
cs=001b  ss=0023  ds=0023  es=0023  fs=003b  gs=0000             efl=00010206
8b560c5d ??              ???
---


#03 - Read Access Violation at the Instruction Pointer

---
eax=15ff8007 ebx=00000000 ecx=00090009 edx=76005300 esi=04691b74 edi=00000790
eip=15ff8007 esp=0023e3f0 ebp=0023e484 iopl=0         nv up ei pl nz na pe nc
cs=001b  ss=0023  ds=0023  es=0023  fs=003b  gs=0000             efl=00010206
15ff8007 ??              ???
---
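As an added triage helper (not part of the original post), the script below parses the three WinDbg register dumps above and reports, for each case, whether eip points at unmapped memory, which module symbol it resolved to, and which other register holds the same value as eip; the dumps are embedded verbatim as the sample input.

```python
import re

# WinDbg register dumps copied from the three crash records in this post, embedded
# here so the script runs offline (the cs/ss/ds selector line is omitted).
DUMPS = {
    "#01": """eax=0023dee4 ebx=00000000 ecx=775207ed edx=0023dc81 esi=00370000 edi=00010003
eip=775c283b esp=0023ded4 ebp=0023df4c iopl=0         nv up ei pl zr na pe nc
ntdll!RtlpNtMakeTemporaryKey+0x1a77:
775c283b eb12            jmp     ntdll!RtlpNtMakeTemporaryKey+0x1a8b (775c284f)""",
    "#02": """eax=8b560c5d ebx=00000000 ecx=00090009 edx=76005300 esi=04691184 edi=00000790
eip=8b560c5d esp=0020e1c0 ebp=0020e254 iopl=0         nv up ei pl nz na pe nc
8b560c5d ??              ???""",
    "#03": """eax=15ff8007 ebx=00000000 ecx=00090009 edx=76005300 esi=04691b74 edi=00000790
eip=15ff8007 esp=0023e3f0 ebp=0023e484 iopl=0         nv up ei pl nz na pe nc
15ff8007 ??              ???""",
}

REG_RE = re.compile(r"\b(e(?:ax|bx|cx|dx|si|di|ip|sp|bp))=([0-9a-f]{8})")
SYMBOL_RE = re.compile(r"^(\S+!\S+\+0x[0-9a-f]+):", re.M)
UNMAPPED_RE = re.compile(r"^[0-9a-f]{8} \?\?", re.M)


def parse_registers(dump):
    """Map the x86 general registers in a WinDbg 'r' dump to integer values."""
    return {name: int(value, 16) for name, value in REG_RE.findall(dump)}


def triage(dump):
    """Summarise one crash: where eip points and which registers hold that value."""
    regs = parse_registers(dump)
    eip = regs["eip"]
    symbol = SYMBOL_RE.search(dump)
    return {
        "eip": eip,
        # '??' means WinDbg could not read the bytes at eip, i.e. the fault is the
        # instruction fetch itself rather than a data access inside a module.
        "unmapped": UNMAPPED_RE.search(dump) is not None,
        # eip resolved to module!function+offset, so the crash is inside mapped code.
        "module": symbol.group(1) if symbol else None,
        # Other registers equal to eip: the faulting address was carried as data
        # (here eax) before ending up in the instruction pointer.
        "eip_from": sorted(n for n, v in regs.items() if n != "eip" and v == eip),
    }


if __name__ == "__main__":
    for case, dump in DUMPS.items():
        print(case, triage(dump))
```

For #02 and #03 the output shows eip equal to eax at an unreadable address, which is why !exploitable rates them higher than a plain read fault inside a module.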


You will find all cases (fuzzed samples + windbg info) here.

See you next time.

Cheers

