Similar to the previous cases of fuzzing DICOM software, I used the same approach and decided to check the application called AMIDE (A Medical Image Data Examiner). A few details about it you can find below. Here we go...
This time we'll start here:
How I created a simple file to start this fuzzing session, you can find here.
Details about the crash are presented below (or you can grab the sample file here and check it on your own ;)):
---<cut>---
CommandLine: "c:\Program Files\amide\bin\amide.exe" C:\sf_a4381e4a5f26cfa889322b47182e64f0-248.xif
(...)
(a9c.7c8): Access violation - code c0000005 (first chance)
First chance exceptions are reported before any exception handling.
This exception may be expected and handled.
eax=00000000 ebx=002cf3fc ecx=00000004 edx=00000004 esi=007139d8 edi=006f7ee0
eip=0115ba7d esp=002cf320 ebp=0121c374 iopl=0 nv up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00010206
image01070000+0xeba7d:
0115ba7d 0fbf4012 movsx eax,word ptr [eax+12h] ds:0023:00000012=????
0:000> r;r;!exploitable -v;kb;r;u eip-1;u eip;r;q
(...)
!exploitable 1.6.0.0
HostMachine\HostUser
Executing Processor Architecture is x86
Debuggee is in User Mode
Debuggee is a live user mode debugging session on the local machine
Event Type: Exception
Exception Faulting Address: 0x12
First Chance Exception Type: STATUS_ACCESS_VIOLATION (0xC0000005)
Exception Sub-Type: Read Access Violation
Faulting Instruction:0115ba7d movsx eax,word ptr [eax+12h]
(...)
Description: Read Access Violation near NULL
Short Description: ReadAVNearNull
Exploitability Classification: PROBABLY_NOT_EXPLOITABLE
Recommended Bug Title: Read Access Violation near NULL starting at image01070000+0x00000000000eba7d (Hash=0x11c71531.0x221f6d36)
---</cut>---
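Reading the crash: eax is 0 and the faulting address is 0x12, so movsx eax, word ptr [eax+12h] is loading a signed 16-bit field that sits 0x12 bytes into a structure, through a NULL pointer. That is why !exploitable reports ReadAVNearNull and PROBABLY_NOT_EXPLOITABLE: a read this close to page zero is a crash (denial of service) unless the malformed file can also push the pointer somewhere other than NULL, which this sample does not show. The C snippet below is an added illustration of that bug pattern, not AMIDE's own code: a hypothetical data_set layout (assumed, chosen only so that the int16_t field lands at offset 0x12), a by-name lookup that returns NULL for a name the file never declared, and the unchecked read beside a checked one.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical record layout (not AMIDE's real structure), chosen so the
   signed 16-bit field lands at offset 0x12, the displacement used by the
   faulting instruction movsx eax, word ptr [eax+12h]. */
struct data_set {
    char     name[8];    /* 0x00 */
    uint32_t dim_x;      /* 0x08 */
    uint32_t dim_y;      /* 0x0c */
    uint16_t dim_z;      /* 0x10 */
    int16_t  scale_exp;  /* 0x12: loaded with sign extension, hence movsx */
};

/* Constructed sample: the data sets a well-formed file would declare. */
static const struct data_set sample_sets[] = {
    { "ct",  512, 512, 64, -3 },
    { "pet", 128, 128, 47,  2 },
};

/* Resolve a by-name reference. A fuzzed file can reference a name that was
   never declared; the lookup then returns NULL. */
static const struct data_set *find_set(const char *name)
{
    for (size_t i = 0; i < sizeof sample_sets / sizeof sample_sets[0]; i++)
        if (strcmp(sample_sets[i].name, name) == 0)
            return &sample_sets[i];
    return NULL;
}

/* Unchecked: with an undeclared name, ds is NULL and the field load becomes
   a read at address 0x12, i.e. the ReadAVNearNull from the log. Only call
   this with a name that exists. */
int scale_exponent_unchecked(const char *name)
{
    const struct data_set *ds = find_set(name);
    return ds->scale_exp;       /* movsx eax, word ptr [eax+12h] with eax == 0 */
}

/* Checked: reject the dangling reference instead of dereferencing NULL.
   Returns 0 and stores the value, or -1 for an unknown name. */
int scale_exponent_checked(const char *name, int *out)
{
    const struct data_set *ds = find_set(name);
    if (ds == NULL)
        return -1;
    *out = ds->scale_exp;
    return 0;
}

int main(void)
{
    int v;
    printf("offset of scale_exp: 0x%zx\n", offsetof(struct data_set, scale_exp));
    printf("ct (unchecked): %d\n", scale_exponent_unchecked("ct"));
    if (scale_exponent_checked("mri", &v) != 0)
        printf("mri: not declared, reference rejected\n");
    /* scale_exponent_unchecked("mri") would fault here, just like the log */
    return 0;
}
```

The quick check I use on a crash like this before filing it: confirm in the debugger that the base register is exactly 0 (as eax is here) rather than a small attacker-influenced value, and see whether changing the offending bytes in the sample moves the faulting address; if it stays at 0x12, it is a plain missing NULL check.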
See you next time!