Just like before, I found an application that was able to handle my fuzzing scenario, so I decided to give it a try. Details from another 'night fuzzing session' can be found below. Here we go...
This time we'll start here:
The version I tried was described as 2022.2 (there is already an updated one). To fuzz this app I used some example DICOM files I was able to find online.
A few of the results are presented below:
Crash #01:
---<cut>---
CommandLine: "c:\Program Files\MicroDicom\mDicom.exe" C:\sf_0afb37cba38363d6298809567c8b30be-939.dcm
(...)
(3d4.aec): Access violation - code c0000005 (first chance)
First chance exceptions are reported before any exception handling.
This exception may be expected and handled.
eax=00000000 ebx=039c9848 ecx=00000000 edx=001574c9 esi=3319efa0 edi=0493efa0
eip=00d0a2f4 esp=0012e698 ebp=0012e6b8 iopl=0 nv up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00210206
image00400000+0x90a2f4:
00d0a2f4 660f7f7760 movdqa xmmword ptr [edi+60h],xmm6 ds:0023:0493f000=????????????????????????????????
(...)
!exploitable 1.6.0.0
HostMachine\HostUser
Executing Processor Architecture is x86
Debuggee is in User Mode
Debuggee is a live user mode debugging session on the local machine
Event Type: Exception
Exception Faulting Address: 0x493f000
First Chance Exception Type: STATUS_ACCESS_VIOLATION (0xC0000005)
Exception Sub-Type: Write Access Violation
Faulting Instruction:00d0a2f4 movdqa xmmword ptr [edi+60h],xmm6
(...)
---</cut>---
Another one (described by !msec as Unknown) is presented below.
Crash #02:
---<cut>---
CommandLine: "c:\Program Files\MicroDicom\mDicom.exe" C:\iteration_wwmynj\foe-crash-qulfry\sf_0afb37cba38363d6298809567c8b30be-2341.dcm
(...)
(c84.cf4): C++ EH exception - code e06d7363 (first chance)
(c84.cf4): C++ EH exception - code e06d7363 (first chance)
(c84.cf4): C++ EH exception - code e06d7363 (!!! second chance !!!)
eax=0012e7a8 ebx=19930520 ecx=00000003 edx=00000000 esi=00000000 edi=010ddc10
eip=75ef812f esp=0012e7a8 ebp=0012e7f8 iopl=0 nv up ei pl nz ac po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00200212
KERNELBASE!RaiseException+0x54:
75ef812f c9 leave
0:000> r;r;!exploitable -v;kb;r;u eip-1;u eip;r;q
eax=0012e7a8 ebx=19930520 ecx=00000003 edx=00000000 esi=00000000 edi=010ddc10
eip=75ef812f esp=0012e7a8 ebp=0012e7f8 iopl=0 nv up ei pl nz ac po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00200212
KERNELBASE!RaiseException+0x54:
75ef812f c9 leave
(...)
!exploitable 1.6.0.0
HostMachine\HostUser
Executing Processor Architecture is x86
Debuggee is in User Mode
Debuggee is a live user mode debugging session on the local machine
Event Type: Exception
Exception Faulting Address: 0x75ef812f
Second Chance Exception Type: STATUS_CPP_EH_EXCEPTION (0xE06D7363)
Faulting Instruction:75ef812f leave
---</cut>---
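When a night of fuzzing produces a pile of these WinDbg/!exploitable logs, the first job is to sort them. Below is an added triage helper (my own example code, not part of the post and not MicroDicom's code) that pulls the registers, the faulting instruction and the exception type out of the two excerpts above, decodes the memory operand of the faulting instruction to confirm it explains the reported faulting address, and checks whether the fault lands exactly on a page boundary. The two log strings are constructed from the lines quoted in the post; the 0x1000 page size and the high/medium/low priority scheme are my own assumptions.

```python
import re

PAGE_SIZE = 0x1000  # assumed x86 page granularity on Windows

# Constructed sample input: the relevant lines from the two WinDbg/!exploitable
# crash excerpts in the post (Crash #01 and Crash #02).
CRASH_01 = """\
(3d4.aec): Access violation - code c0000005 (first chance)
eax=00000000 ebx=039c9848 ecx=00000000 edx=001574c9 esi=3319efa0 edi=0493efa0
eip=00d0a2f4 esp=0012e698 ebp=0012e6b8 iopl=0 nv up ei pl nz na pe nc
Exception Faulting Address: 0x493f000
First Chance Exception Type: STATUS_ACCESS_VIOLATION (0xC0000005)
Exception Sub-Type: Write Access Violation
Faulting Instruction:00d0a2f4 movdqa xmmword ptr [edi+60h],xmm6
"""

CRASH_02 = """\
(c84.cf4): C++ EH exception - code e06d7363 (!!! second chance !!!)
eax=0012e7a8 ebx=19930520 ecx=00000003 edx=00000000 esi=00000000 edi=010ddc10
eip=75ef812f esp=0012e7a8 ebp=0012e7f8 iopl=0 nv up ei pl nz ac po nc
Exception Faulting Address: 0x75ef812f
Second Chance Exception Type: STATUS_CPP_EH_EXCEPTION (0xE06D7363)
Faulting Instruction:75ef812f leave
"""

REG_RE = re.compile(r"\b(eax|ebx|ecx|edx|esi|edi|ebp|esp|eip)=([0-9a-f]{8})\b")
FAULT_ADDR_RE = re.compile(r"Exception Faulting Address: 0x([0-9a-f]+)")
EXC_TYPE_RE = re.compile(r"(?:First|Second) Chance Exception Type: (\w+)")
SUB_TYPE_RE = re.compile(r"Exception Sub-Type: (.+)")
INSTR_RE = re.compile(r"Faulting Instruction:([0-9a-f]{8}) (.+)")
# Memory operand of the form [reg], [reg+NNh] or [reg-NNh] (no index register).
MEM_OPERAND_RE = re.compile(r"\[(e[a-z]{2})(?:([+-])([0-9a-f]+)h?)?\]")


def parse_crash(log):
    """Pull the fields triage needs out of a WinDbg + !exploitable log."""
    regs = {m.group(1): int(m.group(2), 16) for m in REG_RE.finditer(log)}
    fault = FAULT_ADDR_RE.search(log)
    exc = EXC_TYPE_RE.search(log)
    sub = SUB_TYPE_RE.search(log)
    instr = INSTR_RE.search(log)
    return {
        "regs": regs,
        "fault_address": int(fault.group(1), 16) if fault else None,
        "exception_type": exc.group(1) if exc else None,
        "sub_type": sub.group(1).strip() if sub else None,
        "instruction": instr.group(2).strip() if instr else None,
    }


def effective_address(instruction, regs):
    """Compute base+disp for a simple memory operand, or None if there is none."""
    m = MEM_OPERAND_RE.search(instruction or "")
    if not m or m.group(1) not in regs:
        return None
    base = regs[m.group(1)]
    disp = int(m.group(3), 16) if m.group(3) else 0
    if m.group(2) == "-":
        disp = -disp
    return (base + disp) & 0xFFFFFFFF


def triage(log):
    c = parse_crash(log)
    ea = effective_address(c["instruction"], c["regs"])
    c["effective_address"] = ea
    # Does the operand we decoded explain the faulting address the debugger reported?
    c["fault_matches_operand"] = ea is not None and ea == c["fault_address"]
    # A write whose first byte lands exactly on a page boundary is the classic
    # signature of a copy running off the end of its buffer into an unmapped page.
    c["page_aligned_fault"] = (
        c["fault_address"] is not None and c["fault_address"] % PAGE_SIZE == 0
    )
    is_av = c["exception_type"] == "STATUS_ACCESS_VIOLATION"
    if is_av and (c["sub_type"] or "").startswith("Write"):
        c["priority"] = "high"    # input-influenced write: investigate first
    elif is_av:
        c["priority"] = "medium"  # read AV: still worth a look
    elif c["exception_type"] == "STATUS_CPP_EH_EXCEPTION":
        # RaiseException is the fault site; nothing was dereferenced. Usually an
        # unhandled C++ exception thrown by failed validation, i.e. a plain crash.
        c["priority"] = "low"
    else:
        c["priority"] = "unknown"
    return c


if __name__ == "__main__":
    for name, log in (("Crash #01", CRASH_01), ("Crash #02", CRASH_02)):
        t = triage(log)
        ea = t["effective_address"]
        ea_txt = f"0x{ea:08x}" if ea is not None else "n/a"
        print(f"{name}: {t['exception_type']} / {t['sub_type']} at "
              f"0x{t['fault_address']:08x}, operand -> {ea_txt}, "
              f"page-aligned={t['page_aligned_fault']}, priority={t['priority']}")
```

For Crash #01 the helper confirms that edi+0x60 is exactly 0x0493f000, the address !exploitable reported, and that this is the first byte of a fresh page: the 16-byte `movdqa` store starts right where the mapped buffer ends, which is why this one goes to the top of the list. For Crash #02 there is no memory operand at all; the "faulting address" is just `eip` inside `KERNELBASE!RaiseException`, so it is an unhandled C++ exception rather than a memory-safety fault.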
More example files from the fuzzer can be found here.
See you next time!