Talos Vulnerability Report

TALOS-2018-0522

Nvidia D3D10 Driver Pixel Shader Functionality Denial Of Service

March 28, 2018

CVE Number

CVE-2018-6253

Summary

An exploitable denial-of-service vulnerability exists in the Nvidia D3D10 Driver 22.21.13.8607. A specially crafted pixel shader can cause a stack overflow exception, resulting in at least a denial of service. An attacker can provide a specially crafted shader file (in either binary or text form) to trigger this vulnerability. The vulnerability is present in the Nvidia driver and can be triggered on a regular system as well as from a VMware guest, in which case it affects the VMware host (causing the vmware-vmx.exe process to crash on the host).

Tested Versions

Nvidia nvwgf2umx.dll 22.21.13.8607 (x64) on Windows 10 x64
VMware Workstation 14 (14.0.0 build-6661328) with Windows 10 x64 as guest VM

Product URLs

http://nvidia.com

CVSSv3 Score

7.7 - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H

CWE

CWE-674: Uncontrolled Recursion

Details

This vulnerability can be triggered by supplying a malformed pixel shader (in text or binary form) to the Nvidia nvwgf2umx.dll driver. Such an attack can be triggered from the local machine (user mode), from VMware guest user mode (to cause a memory denial-of-service attack on the vmware-vmx.exe process on the host) or theoretically through WebGL (remote website), assuming the browser does not use ANGLE and somehow supplies the malformed shader to the vulnerable Nvidia driver.

In short, it is possible to create a shader in such a way that it causes a function (sub_038B150) to call itself recursively without any validation of the recursion depth or stack memory bounds, which finally leads to denial of service due to stack memory exhaustion.

Crash Information

(18d8.1730): Stack overflow - code c00000fd (first chance)
First chance exceptions are reported before any exception handling.
This exception may be expected and handled.
*** ERROR: Symbol file could not be found.  Defaulted to export symbols for C:\Windows\System32\DriverStore\FileRepository\nv_dispwi.inf_amd64_b9e48fe9a2339325\nvwgf2umx.dll - 
nvwgf2umx!OpenAdapter12+0x3671c2:
00007ffa`5d9ab152 55              push    rbp
0:018> !analyze -v
*******************************************************************************
*                                                                             *
*                        Exception Analysis                                   *
*                                                                             *
*******************************************************************************

*** ERROR: Module load completed but symbols could not be loaded for K:\tools\vmware\x64\vmware-vmx-debug.exe
GetUrlPageData2 (WinHttp) failed: 12002.

DUMP_CLASS: 2

DUMP_QUALIFIER: 0

FAULTING_IP: 
nvwgf2umx!OpenAdapter12+37b9ca
00007ffa`5d9bf95a 85c0            test    eax,eax

EXCEPTION_RECORD:  (.exr -1)
ExceptionAddress: 00007ffa5d9ab152 (nvwgf2umx!OpenAdapter12+0x00000000003671c2)
   ExceptionCode: c00000fd (Stack overflow)
  ExceptionFlags: 00000000
NumberParameters: 2
   Parameter[0]: 0000000000000001
   Parameter[1]: 0000005fb4203ff8

FAULTING_THREAD:  00002b04

BUGCHECK_STR:  STACK_OVERFLOW

DEFAULT_BUCKET_ID:  STACK_OVERFLOW

PROCESS_NAME:  vmware-vmx-debug.exe

ERROR_CODE: (NTSTATUS) 0xc00000fd - A new guard page for the stack cannot be created.

EXCEPTION_CODE: (NTSTATUS) 0xc00000fd - A new guard page for the stack cannot be created.

EXCEPTION_CODE_STR:  c00000fd

EXCEPTION_PARAMETER1:  0000000000000001

EXCEPTION_PARAMETER2:  0000005fb4203ff8

RECURRING_STACK: From frames 0x1 to 0x0

WATSON_BKT_PROCSTAMP:  59bfca5c

WATSON_BKT_PROCVER:  14.0.0.24051

PROCESS_VER_PRODUCT:  VMware Workstation

WATSON_BKT_MODULE:  nvwgf2umx.dll

WATSON_BKT_MODSTAMP:  5a395c58

WATSON_BKT_MODOFFSET:  37b152

WATSON_BKT_MODVER:  22.21.13.8607

MODULE_VER_PRODUCT:  NVIDIA D3D10 drivers

BUILD_VERSION_STRING:  10.0.16299.15 (WinBuild.160101.0800)

MODLIST_WITH_TSCHKSUM_HASH:  3afd9952704e1cc13c38535546b6114e272d7f69

MODLIST_SHA1_HASH:  a0b3b8e1867356c7339e8084e1e9262a776a4acd

NTGLOBALFLAG:  0

APPLICATION_VERIFIER_FLAGS:  0

PRODUCT_TYPE:  1

SUITE_MASK:  272

DUMP_TYPE:  fe

ANALYSIS_SESSION_HOST:  CLAB

ANALYSIS_SESSION_TIME:  01-23-2018 18:08:47.0711

ANALYSIS_VERSION: 10.0.16299.15 amd64fre

THREAD_ATTRIBUTES: 
OS_LOCALE:  ENU

ADDITIONAL_DEBUG_TEXT:  Followup set based on attribute [Is_OriginalExceptionThread] from Frame:[0] on thread:[1730]

PROBLEM_CLASSES: 

    ID:     [0n182]
    Type:   [STACK_OVERFLOW]
    Class:  Primary
    Scope:  DEFAULT_BUCKET_ID (Failure Bucket ID prefix)
            BUCKET_ID
    Name:   Add
    Data:   Omit
    PID:    [Unspecified]
    TID:    [0x1730]
    Frame:  [0] : nvwgf2umx!OpenAdapter12

    ID:     [0n120]
    Type:   [@DATA]
    Class:  Addendum
    Scope:  DEFAULT_BUCKET_ID (Failure Bucket ID prefix)
            BUCKET_ID
    Name:   Omit
    Data:   Omit
    PID:    [0x18d8]
    TID:    [0x1730]
    Frame:  [0] : nvwgf2umx!OpenAdapter12

PRIMARY_PROBLEM_CLASS:  STACK_OVERFLOW

LAST_CONTROL_TRANSFER:  from 00007ffa5d9ab556 to 00007ffa5d9ab152

STACK_TEXT:  
0000005f`b4204000 00007ffa`5d9ab556 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 
 nvwgf2umx!OpenAdapter12+0x3671c2
0000005f`b4204010 00007ffa`5d9ab556 : 00000000`00000000 00000000`00000000 0000025f`722f82b8 00000000`00000000 : 
 nvwgf2umx!OpenAdapter12+0x3675c6
0000005f`b42040e0 00007ffa`5d9ab556 : 00000000`00000000 00000000`00000000 0000025f`722f82b8 00000000`00000000 : 
 nvwgf2umx!OpenAdapter12+0x3675c6
0000005f`b42041b0 00007ffa`5d9ab556 : 00000000`00000000 00000000`00000000 0000025f`722f82b8 00000000`00000000 : 
 nvwgf2umx!OpenAdapter12+0x3675c6
0000005f`b4204280 00007ffa`5d9ab556 : 00000000`00000000 00000000`00000000 0000025f`722f82b8 00000000`00000000 : 
 nvwgf2umx!OpenAdapter12+0x3675c6
0000005f`b4204350 00007ffa`5d9ab556 : 00000000`00000000 00000000`00000000 0000025f`722f82b8 00000000`00000000 : 
 nvwgf2umx!OpenAdapter12+0x3675c6
0000005f`b4204420 00007ffa`5d9ab556 : 00000000`00000000 00000000`00000000 0000025f`722f82b8 00000000`00000000 : 
  nvwgf2umx!OpenAdapter12+0x3675c6
0000005f`b42044f0 00007ffa`5d9ab556 : 00000000`00000000 00000000`00000000 0000025f`722f82b8 00000000`00000000 : 
 nvwgf2umx!OpenAdapter12+0x3675c6
0000005f`b42045c0 00007ffa`5d9ab556 : 00000000`00000000 00000000`00000000 0000025f`722f82b8 00000000`00000000 : 
 nvwgf2umx!OpenAdapter12+0x3675c6
0000005f`b4204690 00007ffa`5d9ab556 : 00000000`00000000 00000000`00000000 0000025f`722f82b8 00000000`00000000 : 
 nvwgf2umx!OpenAdapter12+0x3675c6
0000005f`b4204760 00007ffa`5d9ab556 : 00000000`00000000 00000000`00000000 0000025f`722f82b8 00000000`00000000 : 
 nvwgf2umx!OpenAdapter12+0x3675c6
0000005f`b4204830 00007ffa`5d9ab556 : 00000000`00000000 00000000`00000000 0000025f`722f82b8 00000000`00000000 : 
 nvwgf2umx!OpenAdapter12+0x3675c6
0000005f`b4204900 00007ffa`5d9ab556 : 00000000`00000000 00000000`00000000 0000025f`722f82b8 00000000`00000000 : 
 nvwgf2umx!OpenAdapter12+0x3675c6
0000005f`b42049d0 00007ffa`5d9ab556 : 00000000`00000000 00000000`00000000 0000025f`722f82b8 00000000`00000000 : 
 nvwgf2umx!OpenAdapter12+0x3675c6
0000005f`b4204aa0 00007ffa`5d9ab556 : 00000000`00000000 00000000`00000000 0000025f`722f82b8 00000000`00000000 : 
 nvwgf2umx!OpenAdapter12+0x3675c6
0000005f`b4204b70 00007ffa`5d9ab556 : 00000000`00000000 00000000`00000000 0000025f`722f82b8 00000000`00000000 : 
 nvwgf2umx!OpenAdapter12+0x3675c6
0000005f`b4204c40 00007ffa`5d9ab556 : 00000000`00000000 00000000`00000000 0000025f`722f82b8 00000000`00000000 : 
 nvwgf2umx!OpenAdapter12+0x3675c6
0000005f`b4204d10 00007ffa`5d9ab556 : 00000000`00000000 00000000`00000000 0000025f`722f82b8 00000000`00000000 : 
 nvwgf2umx!OpenAdapter12+0x3675c6
0000005f`b4204de0 00007ffa`5d9ab556 : 00000000`00000000 00000000`00000000 0000025f`722f82b8 00000000`00000000 : 
 nvwgf2umx!OpenAdapter12+0x3675c6
0000005f`b4204eb0 00007ffa`5d9ab556 : 00000000`00000000 00000000`00000000 0000025f`722f82b8 00000000`00000000 : 
 nvwgf2umx!OpenAdapter12+0x3675c6
0000005f`b4204f80 00007ffa`5d9ab556 : 00000000`00000000 00000000`00000000 0000025f`722f82b8 00000000`00000000 : 
 nvwgf2umx!OpenAdapter12+0x3675c6
0000005f`b4205050 00007ffa`5d9ab556 : 00000000`00000000 00000000`00000000 0000025f`722f82b8 00000000`00000000 : 
 nvwgf2umx!OpenAdapter12+0x3675c6
0000005f`b4205120 00007ffa`5d9ab556 : 00000000`00000000 00000000`00000000 0000025f`722f82b8 00000000`00000000 : 
 nvwgf2umx!OpenAdapter12+0x3675c6
0000005f`b42051f0 00007ffa`5d9ab556 : 00000000`00000000 00000000`00000000 0000025f`722f82b8 00000000`00000000 : 
 nvwgf2umx!OpenAdapter12+0x3675c6
0000005f`b42052c0 00007ffa`5d9ab556 : 00000000`00000000 00000000`00000000 0000025f`722f82b8 00000000`00000000 : 
  nvwgf2umx!OpenAdapter12+0x3675c6
0000005f`b4205390 00007ffa`5d9ab556 : 00000000`00000000 00000000`00000000 0000025f`722f82b8 00000000`00000000 :     
 nvwgf2umx!OpenAdapter12+0x3675c6
0000005f`b4205460 00007ffa`5d9ab556 : 00000000`00000000 00000000`00000000 0000025f`722f82b8 00000000`00000000 : 
 nvwgf2umx!OpenAdapter12+0x3675c6
0000005f`b4205530 00007ffa`5d9ab556 : 00000000`00000000 00000000`00000000 0000025f`722f82b8 00000000`00000000 : 
 nvwgf2umx!OpenAdapter12+0x3675c6
0000005f`b4205600 00007ffa`5d9ab556 : 00000000`00000000 00000000`00000000 0000025f`722f82b8 00000000`00000000 : 
 nvwgf2umx!OpenAdapter12+0x3675c6
0000005f`b42056d0 00007ffa`5d9ab556 : 00000000`00000000 00000000`00000000 0000025f`722f82b8 00000000`00000000 : 
 nvwgf2umx!OpenAdapter12+0x3675c6
0000005f`b42057a0 00007ffa`5d9ab556 : 00000000`00000000 00000000`00000000 0000025f`722f82b8 00000000`00000000 :      
 nvwgf2umx!OpenAdapter12+0x3675c6
0000005f`b4205870 00007ffa`5d9ab556 : 00000000`00000000 00000000`00000000 0000025f`722f82b8 00000000`00000000 : 
 nvwgf2umx!OpenAdapter12+0x3675c6
0000005f`b4205940 00007ffa`5d9ab556 : 00000000`00000000 00000000`00000000 0000025f`722f82b8 00000000`00000000 : 
 nvwgf2umx!OpenAdapter12+0x3675c6
0000005f`b4205a10 00007ffa`5d9ab556 : 00000000`00000000 00000000`00000000 0000025f`722f82b8 00000000`00000000 : 
 nvwgf2umx!OpenAdapter12+0x3675c6
0000005f`b4205ae0 00007ffa`5d9ab556 : 00000000`00000000 00000000`00000000 0000025f`722f82b8 00000000`00000000 : 
 nvwgf2umx!OpenAdapter12+0x3675c6
0000005f`b4205bb0 00007ffa`5d9ab556 : 00000000`00000000 00000000`00000000 0000025f`722f82b8 00000000`00000000 : 
 nvwgf2umx!OpenAdapter12+0x3675c6
0000005f`b4205c80 00007ffa`5d9ab556 : 00000000`00000000 00000000`00000000 0000025f`722f82b8 00000000`00000000 : 
 nvwgf2umx!OpenAdapter12+0x3675c6
0000005f`b4205d50 00007ffa`5d9ab556 : 00000000`00000000 00000000`00000000 0000025f`722f82b8 00000000`00000000 : nvwgf2umx!OpenAdapter12+0x3675c6
0000005f`b4205e20 00007ffa`5d9ab556 : 00000000`00000000 00000000`00000000 0000025f`722f82b8 00000000`00000000 : nvwgf2umx!OpenAdapter12+0x3675c6
0000005f`b4205ef0 00007ffa`5d9ab556 : 00000000`00000000 00000000`00000000 0000025f`722f82b8 00000000`00000000 : nvwgf2umx!OpenAdapter12+0x3675c6
0000005f`b4205fc0 00007ffa`5d9ab556 : 00000000`00000000 00000000`00000000 0000025f`722f82b8 00000000`00000000 : nvwgf2umx!OpenAdapter12+0x3675c6
0000005f`b4206090 00007ffa`5d9ab556 : 00000000`00000000 00000000`00000000 0000025f`722f82b8 00000000`00000000 : nvwgf2umx!OpenAdapter12+0x3675c6
0000005f`b4206160 00007ffa`5d9ab556 : 00000000`00000000 00000000`00000000 0000025f`722f82b8 00000000`00000000 : nvwgf2umx!OpenAdapter12+0x3675c6
0000005f`b4206230 00007ffa`5d9ab556 : 00000000`00000000 00000000`00000000 0000025f`722f82b8 00000000`00000000 : nvwgf2umx!OpenAdapter12+0x3675c6
0000005f`b4206300 00007ffa`5d9ab556 : 00000000`00000000 00000000`00000000 0000025f`722f82b8 00000000`00000000 : nvwgf2umx!OpenAdapter12+0x3675c6
0000005f`b42063d0 00007ffa`5d9ab556 : 00000000`00000000 00000000`00000000 0000025f`722f82b8 00000000`00000000 : nvwgf2umx!OpenAdapter12+0x3675c6
0000005f`b42064a0 00007ffa`5d9ab556 : 00000000`00000000 00000000`00000000 0000025f`722f82b8 00000000`00000000 : nvwgf2umx!OpenAdapter12+0x3675c6
0000005f`b4206570 00007ffa`5d9ab556 : 00000000`00000000 00000000`00000000 0000025f`722f82b8 00000000`00000000 : nvwgf2umx!OpenAdapter12+0x3675c6
0000005f`b4206640 00007ffa`5d9ab556 : 00000000`00000000 00000000`00000000 0000025f`722f82b8 00000000`00000000 : nvwgf2umx!OpenAdapter12+0x3675c6
0000005f`b4206710 00007ffa`5d9ab556 : 00000000`00000000 00000000`00000000 0000025f`722f82b8 00000000`00000000 : nvwgf2umx!OpenAdapter12+0x3675c6
0000005f`b42067e0 00007ffa`5d9ab556 : 00000000`00000000 00000000`00000000 0000025f`722f82b8 00000000`00000000 : nvwgf2umx!OpenAdapter12+0x3675c6
0000005f`b42068b0 00007ffa`5d9ab556 : 00000000`00000000 00000000`00000000 0000025f`722f82b8 00000000`00000000 : nvwgf2umx!OpenAdapter12+0x3675c6
0000005f`b4206980 00007ffa`5d9ab556 : 00000000`00000000 00000000`00000000 0000025f`722f82b8 00000000`00000000 : nvwgf2umx!OpenAdapter12+0x3675c6
0000005f`b4206a50 00007ffa`5d9ab556 : 00000000`00000000 00000000`00000000 0000025f`722f82b8 00000000`00000000 : nvwgf2umx!OpenAdapter12+0x3675c6
0000005f`b4206b20 00007ffa`5d9ab556 : 00000000`00000000 00000000`00000000 0000025f`722f82b8 00000000`00000000 : nvwgf2umx!OpenAdapter12+0x3675c6
0000005f`b4206bf0 00007ffa`5d9ab556 : 00000000`00000000 00000000`00000000 0000025f`722f82b8 00000000`00000000 : nvwgf2umx!OpenAdapter12+0x3675c6
0000005f`b4206cc0 00007ffa`5d9ab556 : 00000000`00000000 00000000`00000000 0000025f`722f82b8 00000000`00000000 : nvwgf2umx!OpenAdapter12+0x3675c6
0000005f`b4206d90 00007ffa`5d9ab556 : 00000000`00000000 00000000`00000000 0000025f`722f82b8 00000000`00000000 : nvwgf2umx!OpenAdapter12+0x3675c6
0000005f`b4206e60 00007ffa`5d9ab556 : 00000000`00000000 00000000`00000000 0000025f`722f82b8 00000000`00000000 : nvwgf2umx!OpenAdapter12+0x3675c6
0000005f`b4206f30 00007ffa`5d9ab556 : 00000000`00000000 00000000`00000000 0000025f`722f82b8 00000000`00000000 : nvwgf2umx!OpenAdapter12+0x3675c6
0000005f`b4207000 00007ffa`5d9ab556 : 00000000`00000000 00000000`00000000 0000025f`722f82b8 00000000`00000000 : nvwgf2umx!OpenAdapter12+0x3675c6
0000005f`b42070d0 00007ffa`5d9ab556 : 00000000`00000000 00000000`00000000 0000025f`722f82b8 00000000`00000000 : nvwgf2umx!OpenAdapter12+0x3675c6
0000005f`b42071a0 00007ffa`5d9ab556 : 00000000`00000000 00000000`00000000 0000025f`722f82b8 00000000`00000000 : nvwgf2umx!OpenAdapter12+0x3675c6
0000005f`b4207270 00007ffa`5d9ab556 : 00000000`00000000 00000000`00000000 0000025f`722f82b8 00000000`00000000 : nvwgf2umx!OpenAdapter12+0x3675c6
0000005f`b4207340 00007ffa`5d9ab556 : 00000000`00000000 00000000`00000000 0000025f`722f82b8 00000000`00000000 : nvwgf2umx!OpenAdapter12+0x3675c6
0000005f`b4207410 00007ffa`5d9ab556 : 00000000`00000000 00000000`00000000 0000025f`722f82b8 00000000`00000000 : nvwgf2umx!OpenAdapter12+0x3675c6
0000005f`b42074e0 00007ffa`5d9ab556 : 00000000`00000000 00000000`00000000 0000025f`722f82b8 00000000`00000000 : nvwgf2umx!OpenAdapter12+0x3675c6
0000005f`b42075b0 00007ffa`5d9ab556 : 00000000`00000000 00000000`00000000 0000025f`722f82b8 00000000`00000000 : nvwgf2umx!OpenAdapter12+0x3675c6
0000005f`b4207680 00007ffa`5d9ab556 : 00000000`00000000 00000000`00000000 0000025f`722f82b8 00000000`00000000 : nvwgf2umx!OpenAdapter12+0x3675c6
0000005f`b4207750 00007ffa`5d9ab556 : 00000000`00000000 00000000`00000000 0000025f`722f82b8 00000000`00000000 : nvwgf2umx!OpenAdapter12+0x3675c6
0000005f`b4207820 00007ffa`5d9ab556 : 00000000`00000000 00000000`00000000 0000025f`722f82b8 00000000`00000000 : nvwgf2umx!OpenAdapter12+0x3675c6
0000005f`b42078f0 00007ffa`5d9ab556 : 00000000`00000000 00000000`00000000 0000025f`722f82b8 00000000`00000000 : nvwgf2umx!OpenAdapter12+0x3675c6
0000005f`b42079c0 00007ffa`5d9ab556 : 00000000`00000000 00000000`00000000 0000025f`722f82b8 00000000`00000000 : nvwgf2umx!OpenAdapter12+0x3675c6
0000005f`b4207a90 00007ffa`5d9ab556 : 00000000`00000000 00000000`00000000 0000025f`722f82b8 00000000`00000000 : nvwgf2umx!OpenAdapter12+0x3675c6
0000005f`b4207b60 00007ffa`5d9ab556 : 00000000`00000000 00000000`00000000 0000025f`722f82b8 00000000`00000000 : nvwgf2umx!OpenAdapter12+0x3675c6
0000005f`b4207c30 00007ffa`5d9ab556 : 00000000`00000000 00000000`00000000 0000025f`722f82b8 00000000`00000000 : nvwgf2umx!OpenAdapter12+0x3675c6
0000005f`b4207d00 00007ffa`5d9ab556 : 00000000`00000000 00000000`00000000 0000025f`722f82b8 00000000`00000000 : nvwgf2umx!OpenAdapter12+0x3675c6
0000005f`b4207dd0 00007ffa`5d9ab556 : 00000000`00000000 00000000`00000000 0000025f`722f82b8 00000000`00000000 : nvwgf2umx!OpenAdapter12+0x3675c6
0000005f`b4207ea0 00007ffa`5d9ab556 : 00000000`00000000 00000000`00000000 0000025f`722f82b8 00000000`00000000 : nvwgf2umx!OpenAdapter12+0x3675c6
0000005f`b4207f70 00007ffa`5d9ab556 : 00000000`00000000 00000000`00000000 0000025f`722f82b8 00000000`00000000 : nvwgf2umx!OpenAdapter12+0x3675c6
0000005f`b4208040 00007ffa`5d9ab556 : 00000000`00000000 00000000`00000000 0000025f`722f82b8 00000000`00000000 : nvwgf2umx!OpenAdapter12+0x3675c6
0000005f`b4208110 00007ffa`5d9ab556 : 00000000`00000000 00000000`00000000 0000025f`722f82b8 00000000`00000000 : nvwgf2umx!OpenAdapter12+0x3675c6
0000005f`b42081e0 00007ffa`5d9ab556 : 00000000`00000000 00000000`00000000 0000025f`722f82b8 00000000`00000000 : nvwgf2umx!OpenAdapter12+0x3675c6
0000005f`b42082b0 00007ffa`5d9ab556 : 00000000`00000000 00000000`00000000 0000025f`722f82b8 00000000`00000000 : nvwgf2umx!OpenAdapter12+0x3675c6

THREAD_SHA1_HASH_MOD_FUNC:  6d8c4c137de7532f4975af247bced80061d57a6a

THREAD_SHA1_HASH_MOD_FUNC_OFFSET:  c2321991eaebe36a38a5b4ef9765b0b7557eb16e

THREAD_SHA1_HASH_MOD:  7deb476dbf31a5b6fe4811ab6154a4c411d2d955

FOLLOWUP_IP: 
nvwgf2umx!OpenAdapter12+37b9ca
00007ffa`5d9bf95a 85c0            test    eax,eax

FAULT_INSTR_CODE:  840fc085

SYMBOL_STACK_INDEX:  1301

SYMBOL_NAME:  nvwgf2umx!OpenAdapter12+37b9ca

FOLLOWUP_NAME:  MachineOwner

MODULE_NAME: nvwgf2umx

IMAGE_NAME:  nvwgf2umx.dll

DEBUG_FLR_IMAGE_TIMESTAMP:  5a395c58

STACK_COMMAND:  .ecxr ; ~~[0x1730]s ; .frame 0 ; ~18s ; .cxr ; kb

BUCKET_ID:  STACK_OVERFLOW_nvwgf2umx!OpenAdapter12+37b9ca

FAILURE_EXCEPTION_CODE:  c00000fd

FAILURE_IMAGE_NAME:  nvwgf2umx.dll

BUCKET_ID_IMAGE_STR:  nvwgf2umx.dll

FAILURE_MODULE_NAME:  nvwgf2umx

BUCKET_ID_MODULE_STR:  nvwgf2umx

FAILURE_FUNCTION_NAME:  OpenAdapter12

BUCKET_ID_FUNCTION_STR:  OpenAdapter12

BUCKET_ID_OFFSET:  37b9ca

BUCKET_ID_MODPRIVATE: 1

BUCKET_ID_MODTIMEDATESTAMP:  5a395c58

BUCKET_ID_MODCHECKSUM:  1934a09

BUCKET_ID_MODVER_STR:  22.21.13.8607

BUCKET_ID_PREFIX_STR:  STACK_OVERFLOW_

FAILURE_PROBLEM_CLASS:  STACK_OVERFLOW

FAILURE_SYMBOL_NAME:  nvwgf2umx.dll!OpenAdapter12

FAILURE_BUCKET_ID:  STACK_OVERFLOW_c00000fd_nvwgf2umx.dll!OpenAdapter12

WATSON_STAGEONE_URL:  http://watson.microsoft.com/StageOne/vmware-vmx-debug.exe/14.0.0.24051/59bfca5c/nvwgf2umx.dll/22.21.13.8607/5a395c58/c00000fd/0037b152.htm?Retriage=1

TARGET_TIME:  2018-01-23T17:08:54.000Z

OSBUILD:  16299

OSSERVICEPACK:  15

SERVICEPACK_NUMBER: 0

OS_REVISION: 0

OSPLATFORM_TYPE:  x64

OSNAME:  Windows 10

OSEDITION:  Windows 10 WinNt SingleUserTS

USER_LCID:  0

OSBUILD_TIMESTAMP:  1976-06-22 08:45:20

BUILDDATESTAMP_STR:  160101.0800

BUILDLAB_STR:  WinBuild

BUILDOSVER_STR:  10.0.16299.15

ANALYSIS_SESSION_ELAPSED_TIME:  6dcb

ANALYSIS_SOURCE:  UM

FAILURE_ID_HASH_STRING:  um:stack_overflow_c00000fd_nvwgf2umx.dll!openadapter12

FAILURE_ID_HASH:  {82f38430-6543-5e85-a33c-12be023e75bc}

Followup:     MachineOwner
---------
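
Added example (not part of the Talos report or of Nvidia's code): a triage helper that parses WinDbg STACK_TEXT lines like those above, identifies the repeating call site, and derives the stack consumed per recursive call. The function names are hypothetical, and the 1 MiB stack size used in the estimate is an assumption (the Windows default reserve), not a value from the report.

```python
import re
from collections import Counter

# Five-frame excerpt of the STACK_TEXT above. The first frame is split across
# two lines on purpose, to exercise the wrapped form a listing may contain.
_ARGS = "00000000`00000000 00000000`00000000 0000025f`722f82b8 00000000`00000000"
SAMPLE = (
    "0000005f`b4204000 00007ffa`5d9ab556 : 00000000`00000000 00000000`00000000 "
    "00000000`00000000 00000000`00000000 :\n"
    " nvwgf2umx!OpenAdapter12+0x3671c2\n"
    f"0000005f`b4204010 00007ffa`5d9ab556 : {_ARGS} : nvwgf2umx!OpenAdapter12+0x3675c6\n"
    f"0000005f`b42040e0 00007ffa`5d9ab556 : {_ARGS} : nvwgf2umx!OpenAdapter12+0x3675c6\n"
    f"0000005f`b42041b0 00007ffa`5d9ab556 : {_ARGS} : nvwgf2umx!OpenAdapter12+0x3675c6\n"
    f"0000005f`b4204280 00007ffa`5d9ab556 : {_ARGS} : nvwgf2umx!OpenAdapter12+0x3675c6\n"
)

# Child-SP, RetAddr, " : args : ", optional call-site symbol.
FRAME_RE = re.compile(
    r"^([0-9a-f]{8})`([0-9a-f]{8})\s+([0-9a-f]{8})`([0-9a-f]{8})\s+:.*:\s*(\S*)$",
    re.IGNORECASE,
)

def parse_frames(text):
    """Return [(child_sp, ret_addr, symbol)], joining frames wrapped onto two lines."""
    frames, pending = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = FRAME_RE.match(line)
        if m:
            sp = int(m.group(1) + m.group(2), 16)
            ret = int(m.group(3) + m.group(4), 16)
            if m.group(5):
                frames.append((sp, ret, m.group(5)))
                pending = None
            else:
                pending = (sp, ret)      # symbol expected on the next line
        elif pending and " " not in line:
            frames.append(pending + (line,))
            pending = None
    return frames

def recursion_summary(frames, min_repeat=3):
    """Report the dominant repeating call site and its per-call stack cost."""
    if not frames:
        return None
    symbol, count = Counter(f[2] for f in frames).most_common(1)[0]
    if count < min_repeat:
        return None
    strides = Counter(b[0] - a[0] for a, b in zip(frames, frames[1:])
                      if a[2] == symbol and b[2] == symbol)
    if not strides:
        return None
    return {"symbol": symbol, "frames": count, "stride": strides.most_common(1)[0][0]}

def frames_until_exhaustion(stride, stack_bytes=1 << 20):
    """Recursion depth that fills the stack; 1 MiB default is an assumption."""
    return stack_bytes // stride
```

A constant stride between identical return addresses is the signature of self-recursion with a fixed frame size, which is what distinguishes this CWE-674 crash from a single oversized stack allocation.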

Exploit Proof-of-Concept

Attached to the package

Timeline

2018-02-06 - Vendor Disclosure
2018-03-28 - Public Release

Credit

Discovered by a member of Cisco Talos.