agent / secteer.exe dies when analysing my Office 15.0 (Office 2013) Registry entries

cdqEAW67

agent / secteer.exe v-1.0.6.0 dies when analysing my Office 15.0 (Office 2013) Registry entries

"dies" means:
The agent does not display a window. Log file stops after "There are 8 registry rules". When running from Admin-CMD there is a message window (Dr. Watson^^).

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\15.0]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\15.0\Common]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\15.0\Common\FilesPaths]
"office.odf"="C:\\PROGRA~2\\COMMON~1\\MICROS~1\\OFFICE15\\Cultures\\OFFICE.ODF"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\15.0\Common\InstallRoot]
"Path"="C:\\Program Files (x86)\\Microsoft Office\\Office15\\"

shortest way to reproduce:
"C:\Program Files (x86)\SecTeer VulnDetect\secteer.exe" --no-filesystem --no-winupdate --no-system --no-msi --immediate

After (saving as .reg) and deleting the Registry-Tree the registry can scanned successfull with my Win7. Importing the .reg to a Win10 causes also secteer.exe to die.

Btw: I didn't have Office 2013 installed. Only VisionViewer2013.
A re-installation with an additional update (KB3178640) do not put back these reg-keys. So I have no idea when and by whom they have been created.

Tom

Well, it shouldn't die regardless of what is in the registry. So we will also have a look at this one.

Tom

I would appreciate to get a hold of that .reg file. I know that there may be some sensitive data in there, such as names, email addresses and perhaps a license key, which you may want to mask before sending it to us.

You can send it to me on "tom at vulndetect dot com"

Thank you

cdqEAW67

What You see in Code-Window ist the complete reg-file (no Office 2013/365 installed on my side)!
That's why I thought you may be interested in.

cdqEAW67

Sorry for confusing ...

I'm sure I reproduced it on my Win10 before posting,
but now it's UR (unreproducable) there

In that case it's not relevant to others (only to my special-Win7).
So you can mark this as 'closed' ...

Sorry again!

Tom

Well, none-the-less, we did make some improvements, because there was a potential issue and we managed to reproduce it one time.

From our testing we believe that it can't be consistently reproduced.

Please upgrade to VulnDetect version 1.0.7.0 and do let us know if you see anything similar again.
https://vulndetect.com/dl/secteerSetup.exe

cdqEAW67

After re-importing the reg to my Win7 the 1.0.6.0 is dying again.
The 1.0.7.0 is continuing the scan and submits the data (checked with agent and --immediate).
So it's OK now!!
Thx

Tom

@cdqEAW67 That is great news, it was actually quite relevant, we have identified about a handful of others who were affected by this.
So once again, thank you.