ACDSee Photo Studio Studio Professional 2021
Version 14.0 (Build 1721)
Copyright (c) 2020 ACD Systems International Inc.
CommandLine: E:\acdsee\ACDSeePro14.exe E:\acdsee\bugs2\id_000022.bmp
Symbol search path is: srv*
Executable search path is:
ModLoad: 00007ff6`9e9a0000 00007ff6`9e9c3000 ACDSeePro14.exe
ModLoad: 00007ffc`f7620000 00007ffc`f7810000 ntdll.dll
ModLoad: 00007ffc`cf310000 00007ffc`cf381000 C:\Windows\System32\verifier.dll
Page heap: pid 0x2534: page heap enabled with flags 0x2.
ModLoad: 00007ffc`f7190000 00007ffc`f7242000 C:\Windows\System32\KERNEL32.DLL
ModLoad: 00007ffc`f4fe0000 00007ffc`f5283000 C:\Windows\System32\KERNELBASE.dll
ModLoad: 00007ffc`f27c0000 00007ffc`f284f000 C:\Windows\SYSTEM32\apphelp.dll
(2534.18c): Break instruction exception - code 80000003 (first chance)
ntdll!LdrpDoDebuggerBreak+0x30:
00007ffc`f76f11dc cc int 3
0:000> g
ModLoad: 00000001`80000000 00000001`80bac000 C:\Program Files\ACD Systems\ACDSee Pro\14.0\PlugIns\IDE_ACDStd.apl
ModLoad: 00007ffc`f74d0000 00007ffc`f7522000 C:\Windows\System32\SHLWAPI.dll
ModLoad: 00007ffc`f65b0000 00007ffc`f664e000 C:\Windows\System32\msvcrt.dll
ModLoad: 00007ffc`e7190000 00007ffc`e7239000 C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.18362.476_none_2a2a02a24667b734\COMCTL32.dll
ModLoad: 00007ffc`f7530000 00007ffc`f75d3000 C:\Windows\System32\ADVAPI32.dll
ModLoad: 00007ffc`f6080000 00007ffc`f63b6000 C:\Windows\System32\combase.dll
ModLoad: 00007ffc`f67a0000 00007ffc`f6837000 C:\Windows\System32\sechost.dll
ModLoad: 00007ffc`f68c0000 00007ffc`f69e0000 C:\Windows\System32\RPCRT4.dll
ModLoad: 00007ffc`f4e80000 00007ffc`f4f7a000 C:\Windows\System32\ucrtbase.dll
ModLoad: 00007ffc`f5410000 00007ffc`f5490000 C:\Windows\System32\bcryptPrimitives.dll
ModLoad: 00007ffc`f7010000 00007ffc`f7036000 C:\Windows\System32\GDI32.dll
ModLoad: 00007ffc`f56a0000 00007ffc`f56c1000 C:\Windows\System32\win32u.dll
ModLoad: 00007ffc`f56d0000 00007ffc`f5864000 C:\Windows\System32\USER32.dll
ModLoad: 00007ffc`f5500000 00007ffc`f5694000 C:\Windows\System32\gdi32full.dll
ModLoad: 00007ffc`f5370000 00007ffc`f540e000 C:\Windows\System32\msvcp_win.dll
ModLoad: 00007ffc`f66d0000 00007ffc`f67a0000 C:\Windows\System32\COMDLG32.dll
ModLoad: 00007ffc`f58e0000 00007ffc`f5989000 C:\Windows\System32\shcore.dll
ModLoad: 00007ffc`e8070000 00007ffc`e80f9000 C:\Windows\SYSTEM32\WINSPOOL.DRV
ModLoad: 00007ffc`f4550000 00007ffc`f4561000 C:\Windows\System32\kernel.appcore.dll
ModLoad: 00007ffc`f5990000 00007ffc`f6075000 C:\Windows\System32\SHELL32.dll
ModLoad: 00007ffc`f5490000 00007ffc`f54da000 C:\Windows\System32\cfgmgr32.dll
ModLoad: 00007ffc`f5290000 00007ffc`f52b6000 C:\Windows\System32\bcrypt.dll
ModLoad: 00007ffc`f06c0000 00007ffc`f07af000 C:\Windows\SYSTEM32\PROPSYS.dll
ModLoad: 00007ffc`f3a10000 00007ffc`f3a4a000 C:\Windows\SYSTEM32\IPHLPAPI.DLL
ModLoad: 00007ffc`f7250000 00007ffc`f7314000 C:\Windows\System32\OLEAUT32.dll
ModLoad: 00007ffc`f4700000 00007ffc`f4e7e000 C:\Windows\System32\windows.storage.dll
ModLoad: 00007ffc`f4570000 00007ffc`f458f000 C:\Windows\System32\profapi.dll
ModLoad: 00007ffc`f4500000 00007ffc`f454a000 C:\Windows\System32\powrprof.dll
ModLoad: 00007ffc`f44f0000 00007ffc`f4500000 C:\Windows\System32\UMPDC.dll
ModLoad: 00007ffc`f54e0000 00007ffc`f54f7000 C:\Windows\System32\cryptsp.dll
ModLoad: 00007ffc`f6eb0000 00007ffc`f7006000 C:\Windows\System32\ole32.dll
ModLoad: 00007ffc`f1700000 00007ffc`f195b000 C:\Windows\SYSTEM32\d3d11.dll
ModLoad: 00007ffc`f1a30000 00007ffc`f1ff0000 C:\Windows\SYSTEM32\d2d1.dll
ModLoad: 00007ffc`f31f0000 00007ffc`f32db000 C:\Windows\SYSTEM32\dxgi.dll
ModLoad: 00007ffc`f69f0000 00007ffc`f6a1e000 C:\Windows\System32\IMM32.dll
ModLoad: 00007ffc`e1a40000 00007ffc`e1be3000 C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.18362.476_none_17afa4006da19f63\gdiplus.dll
ModLoad: 00007ffc`e11e0000 00007ffc`e11e7000 C:\Windows\SYSTEM32\MSIMG32.dll
ModLoad: 00007ffc`e8360000 00007ffc`e83c5000 C:\Windows\SYSTEM32\OLEACC.dll
ModLoad: 00007ffc`f1270000 00007ffc`f1294000 C:\Windows\SYSTEM32\WINMM.dll
ModLoad: 00007ffc`deef0000 00007ffc`def18000 C:\Windows\SYSTEM32\VCOMP140.DLL
ModLoad: 00007ffc`efe60000 00007ffc`efe6a000 C:\Windows\SYSTEM32\VERSION.dll
ModLoad: 00007ffc`f3160000 00007ffc`f3180000 C:\Windows\SYSTEM32\dxcore.dll
ModLoad: 00007ffc`f1240000 00007ffc`f126d000 C:\Windows\SYSTEM32\WINMMBASE.dll
ModLoad: 00007ffc`f2870000 00007ffc`f2909000 C:\Windows\SYSTEM32\UxTheme.dll
(2534.18c): Access violation - code c0000005 (first chance)
First chance exceptions are reported before any exception handling.
This exception may be expected and handled.
*** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\Program Files\ACD Systems\ACDSee Pro\14.0\PlugIns\IDE_ACDStd.apl -
IDE_ACDStd!zlibVersion+0x4e5e:
00000001`803ecb4e f3a4 rep movs byte ptr [rdi],byte ptr [rsi]
0:000> r
rax=0000023bdb2c2ff0 rbx=0000023bdb2b7ac0 rcx=00000000000083f1
rdx=0000000000001c00 rsi=0000023bdb2c4c00 rdi=0000023bdb2c3000
rip=00000001803ecb4e rsp=000000a5c7f5e368 rbp=0000000000000000
r8=0000000000008401 r9=0000000180000000 r10=0000023bdb2c4bf0
r11=0000023bdb2c2ff0 r12=0000000000000000 r13=0000000000000000
r14=0000000000000001 r15=0000000000008401
iopl=0 nv up ei pl nz na pe nc
cs=0033 ss=002b ds=002b es=002b fs=0053 gs=002b efl=00010202
IDE_ACDStd!zlibVersion+0x4e5e:
00000001`803ecb4e f3a4 rep movs byte ptr [rdi],byte ptr [rsi]
0:000> db 0000023bdb2c4be0 L40
0000023b`db2c4be0 40 42 8f cf 3b 02 00 00-00 00 00 00 bb bb ba dc @B..;...........
0000023b`db2c4bf0 01 01 01 84 f8 f8 f8 f8-f8 f8 f8 f8 f8 f8 f8 f8 ................
0000023b`db2c4c00 f8 f8 f8 f8 f8 f8 f8 f8-f8 f8 f8 f8 f8 f8 f8 f8 ................
0000023b`db2c4c10 f8 f8 f8 f8 f8 f8 f8 f8-f8 f8 f8 f8 f8 f8 f8 f8 ................
0:000> db 0000023bdb2c2fe0 L40
0000023b`db2c2fe0 d0 41 8f cf 3b 02 00 00-00 00 00 00 bb bb ba dc .A..;...........
0000023b`db2c2ff0 01 01 01 84 f8 f8 f8 f8-f8 f8 f8 f8 f8 f8 f8 f8 ................
0000023b`db2c3000 ?? ?? ?? ?? ?? ?? ?? ??-?? ?? ?? ?? ?? ?? ?? ?? ????????????????
0000023b`db2c3010 ?? ?? ?? ?? ?? ?? ?? ??-?? ?? ?? ?? ?? ?? ?? ?? ????????????????
0:000> .load msec
0:000> !exploitable
!exploitable 1.6.0.0
*** WARNING: Unable to verify checksum for ACDSeePro14.exe
Exploitability Classification: EXPLOITABLE
Recommended Bug Title: Exploitable - User Mode Write AV starting at IDE_ACDStd!zlibVersion+0x0000000000004e5e (Hash=0xfa88aee0.0x950205f3)
User mode write access violations that are not near NULL are exploitable.