This repository has been archived by the owner on Apr 26, 2021. It is now read-only.
Office Application 2010 crashes with latest Cuckoo #3197
Comments
|
Exception code whitelisting as seen here #2125 |
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Thanks for creating an issue! But first: did you read our community guidelines?
https://cuckoo.sh/docs/introduction/community.html
My issue is:
We are facing issue in analyzing office documents in our cuckoo setup.
We are using latest cuckoo with Office 2010,SP2 and seems though the document is getting opened in
Office application(Word/Excel), soon after Word/Excel crashes and following is the stack trace we are seeing.
"stacktrace": "RaiseException+0x3d FreeEnvironmentStringsW-0x13 kernelbase+0xbe0d @ 0x7fefd2fbe0d\nRpcRaiseException+0x53
RpcExceptionFilter-0x2ad rpcrt4+0x15163 @ 0x7fefdb95163\nNdrClientCall2+0x6b3
NdrClearOutParameters-0xf3d rpcrt4+0xe1493 @ 0x7fefdc61493\nNdrClientCall2+0x1d NdrClearOutParameters-0x15d3
rpcrt4+0xe0dfd @ 0x7fefdc60dfd\nSLGetEncryptedPIDEx+0xac57 SLCallServer-0x63d osppc+0x1a0af @ 0x74c4a0af\n
SLpVLActivateProduct+0xe9 SLpGetMSPidInformation-0xcb osppc+0xc7cd @ 0x74c3c7cd\nSLActivateProduct+0x3df
SLGetServerStatus-0xca1 osppcext+0x3a48f @ 0x749ca48f\n??0OdfStgParams@@qeaa@XZ+0x101fa0
MsoWzAfterPath-0xcf8c mso+0xf4bcf0 @ 0x7fef042bcf0\nMsoFSetTooltips+0x49bae
MsoFDoSmartTagSecurityCheck-0x633fe mso+0x326cce @ 0x7feef806cce\nMsoFSetTooltips+0x49a25
MsoFDoSmartTagSecurityCheck-0x63587 mso+0x326b45 @ 0x7feef806b45\nMsoFSetTooltips+0x4a2dc
MsoFDoSmartTagSecurityCheck-0x62cd0 mso+0x3273fc @ 0x7feef8073fc\nMsoFSetTooltips+0x497e2
MsoFDoSmartTagSecurityCheck-0x637ca mso+0x326902 @ 0x7feef806902\nMsoFSetTooltips+0x49774
MsoFDoSmartTagSecurityCheck-0x63838 mso+0x326894 @ 0x7feef806894\nMsoFGetButtonSize+0xa48c4
MsoPwlfFromFlinfo-0x159b8 mso+0x183908 @ 0x7feef663908\nMsoFGetButtonSize+0xa457e
MsoPwlfFromFlinfo-0x15cfe mso+0x1835c2 @ 0x7feef6635c2\nMsoFGetButtonSize+0xa43e0
MsoPwlfFromFlinfo-0x15e9c mso+0x183424 @ 0x7feef663424\nMsoFGetButtonSize+0xa3f6b
MsoPwlfFromFlinfo-0x16311 mso+0x182faf @ 0x7feef662faf\nMsoUninitOffice+0xc11
MsoFHideTaiwan-0x1aa7 mso+0x351c5 @ 0x7feef5151c5\nBaseThreadInitThunk+0xd
CreateThread-0x53 kernel32+0x1570d @ 0x771e570d\nRtlUserThreadStart+0x1d
RtlDecodeSystemPointer-0x33 ntdll+0x5385d @ 0x7734385d",
"exception": {"instruction_r": "48 81 c4 c8 00 00 00 c3 90 90 90 90 90 90 90 90",
"symbol": "RaiseException+0x3d FreeEnvironmentStringsW-0x13 kernelbase+0xbe0d",
"instruction": "add rsp, 0xc8", "module": "KERNELBASE.dll",
"exception_code": "0x8007007b", "offset": 48653, "address": "0x7fefd2fbe0d"}
Would like to know the exact version of Office Application is used in cuckoo.cert.ee and if any customisation to monitor.
Pl. let us know the the commit head for the monitor used in cuckoo.cert.ee.
My Cuckoo version and operating system are: Latest Cuckoo, win-7, Office 2010 SP2
This can be reproduced by: In my Cuckoo setup
The log, error, files etc can be found at: As mentioned in "My Issue" section
The text was updated successfully, but these errors were encountered: