Closed aninax closed 4 years ago
Hey,
You seem to have removed the part of the BugId output that provides details about the crash, so I cannot help you figure out what the problem is. Also, BugId should produce an HTML report; attaching that might help me pinpoint the issue.
If you run MSIE without BugId, does it work? Can you visit websites without crashes?
Cheers,
BJ
Hi,
Here is output:
* Command line: C:\Program Files\Internet Explorer\iexplore.exe file://C:\Fuzzing\Tests\index.html
+ Main process 16860/0x41DC (iexplore.exe): Attached; command line = "C:\Program Files\Internet Explorer\iexplore.exe" file://C:\Fuzzing\Tests\index.html.
- You are debugging an x86 process running IEXPLORE.EXE with a x64 cdb.exe.
This appears to be due to the application running both x86 and x64 processes.
Unfortunately, this means use-after-free bugs in this process may be reported
as attempts to access reserved memory regions, which is tecnically true but
not as accurate as you might expect.
+ Sub process 4116/0x1014 (IEXPLORE.EXE): Attached; command line = "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:16860 CREDAT:17410 /prefetch:2.
┌─ A bug was detected ─────────────────────────────────────────────────────────────────────────────────────────────────
│ Id @ Location: AVW:Exec/Read[0x1000]@0x410 c09.72c @ iexplore.exe!ntdll.dll!NtProtectVirtualMemory
│ Description: An Access Violation exception happend at 0x2F15410 while attempting to write 1040/0x410 bytes into a 4096/0x1000 bytes read- and executable memory block at 0x2F15000.
│ Security impact: Unlikely to be an exploitable security issue unless the address can be controlled.
│ Version: iexplore.exe 11.0.18362.1 (x86)
│ ntdll.dll 10.0.18362.387 (x86)
│ Bug report: AVW.Exec Read[0x1000]@0x410 c09.72c @ iexplore.exe!ntdll.dll!NtProtectVirtualMemory.html (645143 bytes)
└──────────────────────────────────────────────────────────────────────────────────────────────────────────────────────
Crash detected!
Copying report and repro to C:\Fuzzing\Results\msie\AVW.Exec Read[0x1000]@0x410 c09.72c @ iexplore.exe!ntdll.dll!NtProtectVirtualMemory folder...
It is not crashing during fuzzing, it is crashing before. I can open fuzz files in IE without any problem, and they do not crash IE. I can send you my report file, could you please give me your email? Thanks
Also, yes, I can open websites with IE without any problem.
Please send the report along with your index.html file to bugid93_github.com@skylined.nl. I will have a look. If you could also add the output of BugId --version that would allow me to check with the same version of Windows/MSIE/Python/BugId.
Thanks!
It is sent. Thank you
Unfortunately I cannot reproduce the crash you are seeing. I've tested with:
BugId 2020-01-09 11:00
Windows 10 Pro release 1909, build 18363 x64.
Python 2.7.17 x64
Looking at the crash report, I see the crash happening during new thread initialization by ntdll, before the actual application (MSIE) is doing anything useful. This suggests that it is not a problem in MSIE but in your Windows installation. Unfortunately I do not know why this happens on your machine but reinstalling Windows will most likely resolve the issue.
Please try reinstalling Windows and running your test again. If you are not running BugId in a Virtual Machine, this can be quite time-consuming and inconvenient. I would suggest you use Hyper-V or some other VM to create a clean Windows installation for fuzzing that can be easily reinstalled when it becomes corrupted.
Thank you for your help. IE fuzzing is working on a clean Windows 10 installation.
Hi,
I am fuzzing IE following the tutorial from "Fuzz in sixty seconds", with the new BugId and domato, and every time, before opening and running the index template, IE crashes and I get the error "An Access Violation exception happend".
"Security impact: Unlikely to be an exploitable security issue unless the address can be controlled". Could you please help? Thanks