Monday, January 18, 2010

Is not a security bug but… (RDP - mstsc.exe / mstscax.dll crash)

It’s been detected on once of my system (XP SP3 updated to all MS bulletins. One note: the MS09-044 it was related to RDP Client Version 5.0.) this memory exception condition (under investigation) within “mstscax.dll”:

rdpcrash0001

A better view permit to locate the method exposed by ActiveX MSTSCAX.dll where is triggered the issue (CClientHandler::GetAndParseXml(void)):

image

The ActiveX dll has the following properties:

rdpcrash0003

And the following version:

rdpcrash0004

The function above is called only by two functions as shown:

image

At this time I don’t think that it’s a security issue that may be triggered from remote but searching by Google i have found a good number of links that reports same problems in older and more recent release of MSTSC (RDP Client):

http://www.google.com/#hl=en&q=mstscax.dll+crash

This search query IMHO may be used for find other possible issues since some link provided by Google are related to developer forums, or at least this kind of queries may give a good starting point for investigate on (potentially bugged) code. A good evidence is given, for example, by the following query:

googlesshot1

Note: mshtml.dll is related to CVE-2010-0249.

No comments:

Post a Comment