ACDSee Photo Studio Pro 2021 - User Mode Write AV starting at IDE_ACDStd!JPEGTransW+0x000000000000c7f4 (Hash=0x16ade831.0xa3b7a202)

Version

ACDSee Photo Studio Professional 2021
Version 14.0 (Build 1721)
Copyright (c) 2020 ACD Systems International Inc.

The bug


Microsoft (R) Windows Debugger Version 10.0.17763.1 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.

CommandLine: E:\acdsee\ACDSeePro14.exe E:\acdsee\bugs2\id_000033.bmp
Symbol search path is: srv*
Executable search path is: 
ModLoad: 00007ff6`9e9a0000 00007ff6`9e9c3000   ACDSeePro14.exe
ModLoad: 00007ffc`f7620000 00007ffc`f7810000   ntdll.dll
ModLoad: 00007ffc`d3130000 00007ffc`d31a1000   C:\Windows\System32\verifier.dll
Page heap: pid 0x1490: page heap enabled with flags 0x2.
ModLoad: 00007ffc`f7190000 00007ffc`f7242000   C:\Windows\System32\KERNEL32.DLL
ModLoad: 00007ffc`f4fe0000 00007ffc`f5283000   C:\Windows\System32\KERNELBASE.dll
(1490.2d44): Break instruction exception - code 80000003 (first chance)
ntdll!LdrpDoDebuggerBreak+0x30:
00007ffc`f76f11dc cc              int     3
0:000> g
ModLoad: 00000001`80000000 00000001`80bac000   C:\Program Files\ACD Systems\ACDSee Pro\14.0\PlugIns\IDE_ACDStd.apl
ModLoad: 00007ffc`f74d0000 00007ffc`f7522000   C:\Windows\System32\SHLWAPI.dll
ModLoad: 00007ffc`f65b0000 00007ffc`f664e000   C:\Windows\System32\msvcrt.dll
ModLoad: 00007ffc`e7190000 00007ffc`e7239000   C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.18362.476_none_2a2a02a24667b734\COMCTL32.dll
ModLoad: 00007ffc`f7530000 00007ffc`f75d3000   C:\Windows\System32\ADVAPI32.dll
ModLoad: 00007ffc`f6080000 00007ffc`f63b6000   C:\Windows\System32\combase.dll
ModLoad: 00007ffc`f67a0000 00007ffc`f6837000   C:\Windows\System32\sechost.dll
ModLoad: 00007ffc`f4e80000 00007ffc`f4f7a000   C:\Windows\System32\ucrtbase.dll
ModLoad: 00007ffc`f68c0000 00007ffc`f69e0000   C:\Windows\System32\RPCRT4.dll
ModLoad: 00007ffc`f5410000 00007ffc`f5490000   C:\Windows\System32\bcryptPrimitives.dll
ModLoad: 00007ffc`f7010000 00007ffc`f7036000   C:\Windows\System32\GDI32.dll
ModLoad: 00007ffc`f56a0000 00007ffc`f56c1000   C:\Windows\System32\win32u.dll
ModLoad: 00007ffc`f56d0000 00007ffc`f5864000   C:\Windows\System32\USER32.dll
ModLoad: 00007ffc`f5500000 00007ffc`f5694000   C:\Windows\System32\gdi32full.dll
ModLoad: 00007ffc`f5370000 00007ffc`f540e000   C:\Windows\System32\msvcp_win.dll
ModLoad: 00007ffc`f66d0000 00007ffc`f67a0000   C:\Windows\System32\COMDLG32.dll
ModLoad: 00007ffc`f58e0000 00007ffc`f5989000   C:\Windows\System32\shcore.dll
ModLoad: 00007ffc`e8070000 00007ffc`e80f9000   C:\Windows\SYSTEM32\WINSPOOL.DRV
ModLoad: 00007ffc`f4550000 00007ffc`f4561000   C:\Windows\System32\kernel.appcore.dll
ModLoad: 00007ffc`f5990000 00007ffc`f6075000   C:\Windows\System32\SHELL32.dll
ModLoad: 00007ffc`f5290000 00007ffc`f52b6000   C:\Windows\System32\bcrypt.dll
ModLoad: 00007ffc`f06c0000 00007ffc`f07af000   C:\Windows\SYSTEM32\PROPSYS.dll
ModLoad: 00007ffc`f5490000 00007ffc`f54da000   C:\Windows\System32\cfgmgr32.dll
ModLoad: 00007ffc`f3a10000 00007ffc`f3a4a000   C:\Windows\SYSTEM32\IPHLPAPI.DLL
ModLoad: 00007ffc`f7250000 00007ffc`f7314000   C:\Windows\System32\OLEAUT32.dll
ModLoad: 00007ffc`f4700000 00007ffc`f4e7e000   C:\Windows\System32\windows.storage.dll
ModLoad: 00007ffc`f4570000 00007ffc`f458f000   C:\Windows\System32\profapi.dll
ModLoad: 00007ffc`f4500000 00007ffc`f454a000   C:\Windows\System32\powrprof.dll
ModLoad: 00007ffc`f44f0000 00007ffc`f4500000   C:\Windows\System32\UMPDC.dll
ModLoad: 00007ffc`f54e0000 00007ffc`f54f7000   C:\Windows\System32\cryptsp.dll
ModLoad: 00007ffc`f6eb0000 00007ffc`f7006000   C:\Windows\System32\ole32.dll
ModLoad: 00007ffc`f1a30000 00007ffc`f1ff0000   C:\Windows\SYSTEM32\d2d1.dll
ModLoad: 00007ffc`f1700000 00007ffc`f195b000   C:\Windows\SYSTEM32\d3d11.dll
ModLoad: 00007ffc`f31f0000 00007ffc`f32db000   C:\Windows\SYSTEM32\dxgi.dll
ModLoad: 00007ffc`f69f0000 00007ffc`f6a1e000   C:\Windows\System32\IMM32.dll
ModLoad: 00007ffc`e1a40000 00007ffc`e1be3000   C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.18362.476_none_17afa4006da19f63\gdiplus.dll
ModLoad: 00007ffc`e11e0000 00007ffc`e11e7000   C:\Windows\SYSTEM32\MSIMG32.dll
ModLoad: 00007ffc`e8360000 00007ffc`e83c5000   C:\Windows\SYSTEM32\OLEACC.dll
ModLoad: 00007ffc`f1270000 00007ffc`f1294000   C:\Windows\SYSTEM32\WINMM.dll
ModLoad: 00007ffc`deef0000 00007ffc`def18000   C:\Windows\SYSTEM32\VCOMP140.DLL
ModLoad: 00007ffc`efe60000 00007ffc`efe6a000   C:\Windows\SYSTEM32\VERSION.dll
ModLoad: 00007ffc`f2870000 00007ffc`f2909000   C:\Windows\SYSTEM32\UxTheme.dll
ModLoad: 00007ffc`f3160000 00007ffc`f3180000   C:\Windows\SYSTEM32\dxcore.dll
ModLoad: 00007ffc`f1240000 00007ffc`f126d000   C:\Windows\SYSTEM32\WINMMBASE.dll
ModLoad: 000001ac`06bf0000 000001ac`06c1d000   C:\Windows\SYSTEM32\winmmbase.dll
(1490.2d44): Access violation - code c0000005 (first chance)
First chance exceptions are reported before any exception handling.
This exception may be expected and handled.
*** ERROR: Symbol file could not be found.  Defaulted to export symbols for C:\Program Files\ACD Systems\ACDSee Pro\14.0\PlugIns\IDE_ACDStd.apl - 
IDE_ACDStd!JPEGTransW+0xc7f4:
00000001`801889e4 418841fc        mov     byte ptr [r9-4],al ds:000001ac`0ed52000=??
0:000> r
rax=0000000000000000 rbx=000000018048bda8 rcx=0000000000000000
rdx=0000000000000000 rsi=000001ac0ed51ae0 rdi=0000000000000002
rip=00000001801889e4 rsp=00000013618fe3d0 rbp=0000000000000000
 r8=0000000000000000  r9=000001ac0ed52004 r10=0000000000000117
r11=00000013618fe61e r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0         nv up ei pl zr na po nc
cs=0033  ss=002b  ds=002b  es=002b  fs=0053  gs=002b             efl=00010246
IDE_ACDStd!JPEGTransW+0xc7f4:
00000001`801889e4 418841fc        mov     byte ptr [r9-4],al ds:000001ac`0ed52000=??
0:000> db 000001ac0ed51fe0 L40
000001ac`0ed51fe0  00 00 00 00 00 00 00 00-00 4a 08 00 00 00 00 00  .........J......
000001ac`0ed51ff0  00 00 00 00 00 00 00 00-83 4a 08 00 00 00 00 00  .........J......
000001ac`0ed52000  ?? ?? ?? ?? ?? ?? ?? ??-?? ?? ?? ?? ?? ?? ?? ??  ????????????????
000001ac`0ed52010  ?? ?? ?? ?? ?? ?? ?? ??-?? ?? ?? ?? ?? ?? ?? ??  ????????????????
0:000> .load msec
0:000> !exploitable

!exploitable 1.6.0.0
*** WARNING: Unable to verify checksum for ACDSeePro14.exe
Exploitability Classification: EXPLOITABLE
Recommended Bug Title: Exploitable - User Mode Write AV starting at IDE_ACDStd!JPEGTransW+0x000000000000c7f4 (Hash=0x16ade831.0xa3b7a202)

User mode write access violations that are not near NULL are exploitable.