I noted some time ago that STATUS_STACK_BUFFER_OVERRUN doesn’t mean that there was a stack buffer overrun, although that’s what it meant at first. Later, the status code was broadened to mean “Program self-triggered abnormal termination”, but it was too late to change the name.

A security vulnerability report came in that went like this:

> I have found a stack overflow bug in Explorer. This stack overflow occurs in ucrtbase.dll and Windows.UI.FileExplorer.dll. Since it occurs in Explorer, this can be exploited to escalate privileges. To reproduce, download the attached ZIP file and right-click it. I have also attached Explorer crash dumps for analysis.

```
EXCEPTION_RECORD: (.exr -1)
ExceptionAddress: 00007ffcaa19dd7e (ucrtbase!abort+0x000000000000004e)
ExceptionCode: c0000409 (Security check failure or stack buffer overrun)

Ucrtbase!_crt_state_management::wrapped_invoke+0xf
Explorer!_scrt_unhandled_exception_filter+0x5a
KERNELBASE!UnhandledExceptionFilter+0x1f1
Ntdll!LdrpLogFatalUserCallbackException+0xa2
Ntdll!KiUserCallbackDispatcherHandler+0x20
Shell32!CDefFolderMenu::GetCommandString+0x1f6
Shell32!CDefFolderMenu::_UnduplicateVerbs+0x31f
Shell32!CDefFolderMenu::QueryContextMenu+0x7d2
Shell32!CDefView::_DoContextMenuPopup+0x2f7
```