Memory near access violation at 0x602C5000

602c4de0	*bb bb cd ab	╗╗═½	abcdbbbb	// *0=Page heap StartStamp
602c4de4	*00 10 a2 03	␀►ó♥	03a21000 → ffeeddcc	// *0=Page heap Heap
602c4de8	*00 02 00 00	␀☻␀␀	00000200	// *0=Page heap RequestedSize
602c4dec	*00 10 00 00	␀►␀␀	00001000	// *0=Page heap ActualSize
602c4df0	00 00 00 00	␀␀␀␀	00000000
602c4df4	00 00 00 00	␀␀␀␀	00000000
602c4df8	*8c 2d f4 04	î-⌠♦	04f42d8c → 04e7e70c	// *0=Page heap StackTrace
602c4dfc	*bb bb ba dc	╗╗║▄	dcbabbbb	// *0=Page heap EndStamp
602c4e00	*00 00 00 00	␀␀␀␀	00000000	// *0=Heap block start
602c4e04	00 00 00 00	␀␀␀␀	00000000
602c4e08	00 00 00 00	␀␀␀␀	00000000
602c4e0c	00 00 00 00	␀␀␀␀	00000000
602c4e10	00 00 00 00	␀␀␀␀	00000000
602c4e14	00 00 00 00	␀␀␀␀	00000000
602c4e18	00 00 00 00	␀␀␀␀	00000000
602c4e1c	00 00 00 00	␀␀␀␀	00000000
602c4e20	00 00 00 00	␀␀␀␀	00000000
602c4e24	00 00 00 00	␀␀␀␀	00000000
602c4e28	00 00 00 00	␀␀␀␀	00000000
602c4e2c	00 00 00 00	␀␀␀␀	00000000
602c4e30	00 00 00 00	␀␀␀␀	00000000
602c4e34	00 00 00 00	␀␀␀␀	00000000
602c4e38	00 00 00 00	␀␀␀␀	00000000
602c4e3c	00 00 00 00	␀␀␀␀	00000000
602c4e40	00 00 00 00	␀␀␀␀	00000000
602c4e44	00 00 00 00	␀␀␀␀	00000000
602c4e48	00 00 00 00	␀␀␀␀	00000000
602c4e4c	00 00 00 00	␀␀␀␀	00000000
602c4e50	00 00 00 00	␀␀␀␀	00000000
602c4e54	00 00 00 00	␀␀␀␀	00000000
602c4e58	00 00 00 00	␀␀␀␀	00000000
602c4e5c	00 00 00 00	␀␀␀␀	00000000
602c4e60	00 00 00 00	␀␀␀␀	00000000
602c4e64	00 00 00 00	␀␀␀␀	00000000
602c4e68	00 00 00 00	␀␀␀␀	00000000
602c4e6c	00 00 00 00	␀␀␀␀	00000000
602c4e70	00 00 00 00	␀␀␀␀	00000000
602c4e74	00 00 00 00	␀␀␀␀	00000000
602c4e78	00 00 00 00	␀␀␀␀	00000000
602c4e7c	00 00 00 00	␀␀␀␀	00000000
602c4e80	00 00 00 00	␀␀␀␀	00000000
602c4e84	00 00 00 00	␀␀␀␀	00000000
602c4e88	00 00 00 00	␀␀␀␀	00000000
602c4e8c	00 00 00 00	␀␀␀␀	00000000
602c4e90	00 00 00 00	␀␀␀␀	00000000
602c4e94	00 00 00 00	␀␀␀␀	00000000
602c4e98	00 00 00 00	␀␀␀␀	00000000
602c4e9c	00 00 00 00	␀␀␀␀	00000000
602c4ea0	00 00 00 00	␀␀␀␀	00000000
602c4ea4	00 00 00 00	␀␀␀␀	00000000
602c4ea8	00 00 00 00	␀␀␀␀	00000000
602c4eac	00 00 00 00	␀␀␀␀	00000000
602c4eb0	00 00 00 00	␀␀␀␀	00000000
602c4eb4	00 00 00 00	␀␀␀␀	00000000
602c4eb8	00 00 00 00	␀␀␀␀	00000000
602c4ebc	00 00 00 00	␀␀␀␀	00000000
602c4ec0	00 00 00 00	␀␀␀␀	00000000
602c4ec4	00 00 00 00	␀␀␀␀	00000000
602c4ec8	00 00 00 00	␀␀␀␀	00000000
602c4ecc	00 00 00 00	␀␀␀␀	00000000
602c4ed0	00 00 00 00	␀␀␀␀	00000000
602c4ed4	00 00 00 00	␀␀␀␀	00000000
602c4ed8	00 00 00 00	␀␀␀␀	00000000
602c4edc	00 00 00 00	␀␀␀␀	00000000
602c4ee0	00 00 00 00	␀␀␀␀	00000000
602c4ee4	00 00 00 00	␀␀␀␀	00000000
602c4ee8	00 00 00 00	␀␀␀␀	00000000
602c4eec	00 00 00 00	␀␀␀␀	00000000
602c4ef0	00 00 00 00	␀␀␀␀	00000000
602c4ef4	00 00 00 00	␀␀␀␀	00000000
602c4ef8	00 00 00 00	␀␀␀␀	00000000
602c4efc	00 00 00 00	␀␀␀␀	00000000
602c4f00	00 00 00 00	␀␀␀␀	00000000
602c4f04	00 00 00 00	␀␀␀␀	00000000
602c4f08	00 00 00 00	␀␀␀␀	00000000
602c4f0c	00 00 00 00	␀␀␀␀	00000000
602c4f10	00 00 00 00	␀␀␀␀	00000000
602c4f14	00 00 00 00	␀␀␀␀	00000000
602c4f18	00 00 00 00	␀␀␀␀	00000000
602c4f1c	00 00 00 00	␀␀␀␀	00000000
602c4f20	00 00 00 00	␀␀␀␀	00000000
602c4f24	00 00 00 00	␀␀␀␀	00000000
602c4f28	00 00 00 00	␀␀␀␀	00000000
602c4f2c	00 00 00 00	␀␀␀␀	00000000
602c4f30	00 00 00 00	␀␀␀␀	00000000
602c4f34	00 00 00 00	␀␀␀␀	00000000
602c4f38	00 00 00 00	␀␀␀␀	00000000
602c4f3c	00 00 00 00	␀␀␀␀	00000000
602c4f40	00 00 00 00	␀␀␀␀	00000000
602c4f44	00 00 00 00	␀␀␀␀	00000000
602c4f48	00 00 00 00	␀␀␀␀	00000000
602c4f4c	00 00 00 00	␀␀␀␀	00000000
602c4f50	00 00 00 00	␀␀␀␀	00000000
602c4f54	00 00 00 00	␀␀␀␀	00000000
602c4f58	00 00 00 00	␀␀␀␀	00000000
602c4f5c	00 00 00 00	␀␀␀␀	00000000
602c4f60	00 00 00 00	␀␀␀␀	00000000
602c4f64	00 00 00 00	␀␀␀␀	00000000
602c4f68	00 00 00 00	␀␀␀␀	00000000
602c4f6c	00 00 00 00	␀␀␀␀	00000000
602c4f70	00 00 00 00	␀␀␀␀	00000000
602c4f74	00 00 00 00	␀␀␀␀	00000000
602c4f78	00 00 00 00	␀␀␀␀	00000000
602c4f7c	00 00 00 00	␀␀␀␀	00000000
602c4f80	00 00 00 00	␀␀␀␀	00000000
602c4f84	00 00 00 00	␀␀␀␀	00000000
602c4f88	00 00 00 00	␀␀␀␀	00000000
602c4f8c	00 00 00 00	␀␀␀␀	00000000
602c4f90	00 00 00 00	␀␀␀␀	00000000
602c4f94	00 00 00 00	␀␀␀␀	00000000
602c4f98	00 00 00 00	␀␀␀␀	00000000
602c4f9c	00 00 00 00	␀␀␀␀	00000000
602c4fa0	00 00 00 00	␀␀␀␀	00000000
602c4fa4	00 00 00 00	␀␀␀␀	00000000
602c4fa8	00 00 00 00	␀␀␀␀	00000000
602c4fac	00 00 00 00	␀␀␀␀	00000000
602c4fb0	00 00 00 00	␀␀␀␀	00000000
602c4fb4	00 00 00 00	␀␀␀␀	00000000
602c4fb8	00 00 00 00	␀␀␀␀	00000000
602c4fbc	00 00 00 00	␀␀␀␀	00000000
602c4fc0	00 00 00 00	␀␀␀␀	00000000
602c4fc4	00 00 00 00	␀␀␀␀	00000000
602c4fc8	00 00 00 00	␀␀␀␀	00000000
602c4fcc	00 00 00 00	␀␀␀␀	00000000
602c4fd0	00 00 00 00	␀␀␀␀	00000000
602c4fd4	00 00 00 00	␀␀␀␀	00000000
602c4fd8	00 00 00 00	␀␀␀␀	00000000
602c4fdc	00 00 00 00	␀␀␀␀	00000000
602c4fe0	00 00 00 00	␀␀␀␀	00000000
602c4fe4	00 00 00 00	␀␀␀␀	00000000
602c4fe8	00 00 00 00	␀␀␀␀	00000000
602c4fec	00 00 00 00	␀␀␀␀	00000000
602c4ff0	00 00 00 00	␀␀␀␀	00000000
602c4ff4	00 00 00 00	␀␀␀␀	00000000
602c4ff8	00 00 00 00	␀␀␀␀	00000000
602c4ffc	00 00 00 00	␀␀␀␀	00000000
602c5000	-- inaccessible --			// 0=Access violation, 0=Heap block end, *0=Allocation end
602c5004	-- inaccessible --
602c5008	-- inaccessible --
602c500c	-- inaccessible --
602c5010	-- inaccessible --
602c5014	-- inaccessible --
602c5018	-- inaccessible --
602c501c	-- inaccessible --
602c5020	-- inaccessible --
602c5024	-- inaccessible --
602c5028	-- inaccessible --
602c502c	-- inaccessible --
602c5030	-- inaccessible --
602c5034	-- inaccessible --
602c5038	-- inaccessible --
602c503c	-- inaccessible --
602c5040	-- inaccessible --
602c5044	-- inaccessible --
602c5048	-- inaccessible --
602c504c	-- inaccessible --
602c5050	-- inaccessible --
602c5054	-- inaccessible --
602c5058	-- inaccessible --
602c505c	-- inaccessible --
602c5060	-- inaccessible --
602c5064	-- inaccessible --
602c5068	-- inaccessible --
602c506c	-- inaccessible --
602c5070	-- inaccessible --
602c5074	-- inaccessible --
602c5078	-- inaccessible --
602c507c	-- inaccessible --
602c5080	-- inaccessible --
602c5084	-- inaccessible --
602c5088	-- inaccessible --
602c508c	-- inaccessible --
602c5090	-- inaccessible --
602c5094	-- inaccessible --
602c5098	-- inaccessible --
602c509c	-- inaccessible --
602c50a0	-- inaccessible --
602c50a4	-- inaccessible --
602c50a8	-- inaccessible --
602c50ac	-- inaccessible --
602c50b0	-- inaccessible --
602c50b4	-- inaccessible --
602c50b8	-- inaccessible --
602c50bc	-- inaccessible --
602c50c0	-- inaccessible --
602c50c4	-- inaccessible --
602c50c8	-- inaccessible --
602c50cc	-- inaccessible --
602c50d0	-- inaccessible --
602c50d4	-- inaccessible --
602c50d8	-- inaccessible --
602c50dc	-- inaccessible --
602c50e0	-- inaccessible --
602c50e4	-- inaccessible --
602c50e8	-- inaccessible --
602c50ec	-- inaccessible --
602c50f0	-- inaccessible --
602c50f4	-- inaccessible --
602c50f8	-- inaccessible --
602c50fc	-- inaccessible --
602c5100	-- inaccessible --
602c5104	-- inaccessible --
602c5108	-- inaccessible --
602c510c	-- inaccessible --
602c5110	-- inaccessible --
602c5114	-- inaccessible --
602c5118	-- inaccessible --
602c511c	-- inaccessible --
602c5120	-- inaccessible --
602c5124	-- inaccessible --
602c5128	-- inaccessible --
602c512c	-- inaccessible --
602c5130	-- inaccessible --
602c5134	-- inaccessible --
602c5138	-- inaccessible --
602c513c	-- inaccessible --
602c5140	-- inaccessible --
602c5144	-- inaccessible --
602c5148	-- inaccessible --
602c514c	-- inaccessible --
602c5150	-- inaccessible --
602c5154	-- inaccessible --
602c5158	-- inaccessible --
602c515c	-- inaccessible --
602c5160	-- inaccessible --
602c5164	-- inaccessible --
602c5168	-- inaccessible --
602c516c	-- inaccessible --
602c5170	-- inaccessible --
602c5174	-- inaccessible --
602c5178	-- inaccessible --
602c517c	-- inaccessible --
602c5180	-- inaccessible --
602c5184	-- inaccessible --
602c5188	-- inaccessible --
602c518c	-- inaccessible --
602c5190	-- inaccessible --
602c5194	-- inaccessible --
602c5198	-- inaccessible --
602c519c	-- inaccessible --
602c51a0	-- inaccessible --
602c51a4	-- inaccessible --
602c51a8	-- inaccessible --
602c51ac	-- inaccessible --
602c51b0	-- inaccessible --
602c51b4	-- inaccessible --
602c51b8	-- inaccessible --
602c51bc	-- inaccessible --
602c51c0	-- inaccessible --
602c51c4	-- inaccessible --
602c51c8	-- inaccessible --
602c51cc	-- inaccessible --
602c51d0	-- inaccessible --
602c51d4	-- inaccessible --
602c51d8	-- inaccessible --
602c51dc	-- inaccessible --
602c51e0	-- inaccessible --
602c51e4	-- inaccessible --
602c51e8	-- inaccessible --
602c51ec	-- inaccessible --
602c51f0	-- inaccessible --
602c51f4	-- inaccessible --
602c51f8	-- inaccessible --
602c51fc	-- inaccessible --
602c5200	-- inaccessible --
602c5204	-- inaccessible --
602c5208	-- inaccessible --
602c520c	-- inaccessible --
602c5210	-- inaccessible --
602c5214	-- inaccessible --
602c5218	-- inaccessible --
602c521c	-- inaccessible --
602c5220	-- inaccessible --
602c5224	-- inaccessible --
602c5228	-- inaccessible --
602c522c	-- inaccessible --
602c5230	-- inaccessible --
602c5234	-- inaccessible --
602c5238	-- inaccessible --
602c523c	-- inaccessible --
602c5240	-- inaccessible --
602c5244	-- inaccessible --
602c5248	-- inaccessible --
602c524c	-- inaccessible --
602c5250	-- inaccessible --
602c5254	-- inaccessible --
602c5258	-- inaccessible --
602c525c	-- inaccessible --
602c5260	-- inaccessible --
602c5264	-- inaccessible --
602c5268	-- inaccessible --
602c526c	-- inaccessible --
602c5270	-- inaccessible --
602c5274	-- inaccessible --
602c5278	-- inaccessible --
602c527c	-- inaccessible --
602c5280	-- inaccessible --
602c5284	-- inaccessible --
602c5288	-- inaccessible --
602c528c	-- inaccessible --
602c5290	-- inaccessible --
602c5294	-- inaccessible --
602c5298	-- inaccessible --
602c529c	-- inaccessible --
602c52a0	-- inaccessible --
602c52a4	-- inaccessible --
602c52a8	-- inaccessible --
602c52ac	-- inaccessible --
602c52b0	-- inaccessible --
602c52b4	-- inaccessible --
602c52b8	-- inaccessible --
602c52bc	-- inaccessible --
602c52c0	-- inaccessible --
602c52c4	-- inaccessible --
602c52c8	-- inaccessible --
602c52cc	-- inaccessible --
602c52d0	-- inaccessible --
602c52d4	-- inaccessible --
602c52d8	-- inaccessible --
602c52dc	-- inaccessible --
602c52e0	-- inaccessible --
602c52e4	-- inaccessible --
602c52e8	-- inaccessible --
602c52ec	-- inaccessible --
602c52f0	-- inaccessible --
602c52f4	-- inaccessible --
602c52f8	-- inaccessible --
602c52fc	-- inaccessible --
602c5300	-- inaccessible --
602c5304	-- inaccessible --
602c5308	-- inaccessible --
602c530c	-- inaccessible --
602c5310	-- inaccessible --
602c5314	-- inaccessible --
602c5318	-- inaccessible --
602c531c	-- inaccessible --
602c5320	-- inaccessible --
602c5324	-- inaccessible --
602c5328	-- inaccessible --
602c532c	-- inaccessible --
602c5330	-- inaccessible --
602c5334	-- inaccessible --
602c5338	-- inaccessible --
602c533c	-- inaccessible --
602c5340	-- inaccessible --
602c5344	-- inaccessible --
602c5348	-- inaccessible --
602c534c	-- inaccessible --
602c5350	-- inaccessible --
602c5354	-- inaccessible --
602c5358	-- inaccessible --
602c535c	-- inaccessible --
602c5360	-- inaccessible --
602c5364	-- inaccessible --
602c5368	-- inaccessible --
602c536c	-- inaccessible --
602c5370	-- inaccessible --
602c5374	-- inaccessible --
602c5378	-- inaccessible --
602c537c	-- inaccessible --
602c5380	-- inaccessible --
602c5384	-- inaccessible --
602c5388	-- inaccessible --
602c538c	-- inaccessible --
602c5390	-- inaccessible --
602c5394	-- inaccessible --
602c5398	-- inaccessible --
602c539c	-- inaccessible --
602c53a0	-- inaccessible --
602c53a4	-- inaccessible --
602c53a8	-- inaccessible --
602c53ac	-- inaccessible --
602c53b0	-- inaccessible --
602c53b4	-- inaccessible --
602c53b8	-- inaccessible --
602c53bc	-- inaccessible --
602c53c0	-- inaccessible --
602c53c4	-- inaccessible --
602c53c8	-- inaccessible --
602c53cc	-- inaccessible --
602c53d0	-- inaccessible --
602c53d4	-- inaccessible --
602c53d8	-- inaccessible --
602c53dc	-- inaccessible --
602c53e0	-- inaccessible --
602c53e4	-- inaccessible --
602c53e8	-- inaccessible --
602c53ec	-- inaccessible --
602c53f0	-- inaccessible --
602c53f4	-- inaccessible --
602c53f8	-- inaccessible --
602c53fc	-- inaccessible --
602c5400	-- inaccessible --
602c5404	-- inaccessible --
602c5408	-- inaccessible --
602c540c	-- inaccessible --
602c5410	-- inaccessible --
602c5414	-- inaccessible --
602c5418	-- inaccessible --
602c541c	-- inaccessible --
602c5420	-- inaccessible --
602c5424	-- inaccessible --
602c5428	-- inaccessible --
602c542c	-- inaccessible --
602c5430	-- inaccessible --
602c5434	-- inaccessible --
602c5438	-- inaccessible --
602c543c	-- inaccessible --
602c5440	-- inaccessible --
602c5444	-- inaccessible --
602c5448	-- inaccessible --
602c544c	-- inaccessible --
602c5450	-- inaccessible --
602c5454	-- inaccessible --
602c5458	-- inaccessible --
602c545c	-- inaccessible --
602c5460	-- inaccessible --
602c5464	-- inaccessible --
602c5468	-- inaccessible --
602c546c	-- inaccessible --
602c5470	-- inaccessible --
602c5474	-- inaccessible --
602c5478	-- inaccessible --
602c547c	-- inaccessible --
602c5480	-- inaccessible --
602c5484	-- inaccessible --
602c5488	-- inaccessible --
602c548c	-- inaccessible --
602c5490	-- inaccessible --
602c5494	-- inaccessible --
602c5498	-- inaccessible --
602c549c	-- inaccessible --
602c54a0	-- inaccessible --
602c54a4	-- inaccessible --
602c54a8	-- inaccessible --
602c54ac	-- inaccessible --
602c54b0	-- inaccessible --
602c54b4	-- inaccessible --
602c54b8	-- inaccessible --
602c54bc	-- inaccessible --
602c54c0	-- inaccessible --
602c54c4	-- inaccessible --
602c54c8	-- inaccessible --
602c54cc	-- inaccessible --
602c54d0	-- inaccessible --
602c54d4	-- inaccessible --
602c54d8	-- inaccessible --
602c54dc	-- inaccessible --
602c54e0	-- inaccessible --
602c54e4	-- inaccessible --
602c54e8	-- inaccessible --
602c54ec	-- inaccessible --
602c54f0	-- inaccessible --
602c54f4	-- inaccessible --
602c54f8	-- inaccessible --
602c54fc	-- inaccessible --
602c5500	-- inaccessible --
602c5504	-- inaccessible --
602c5508	-- inaccessible --
602c550c	-- inaccessible --
602c5510	-- inaccessible --
602c5514	-- inaccessible --
602c5518	-- inaccessible --
602c551c	-- inaccessible --
602c5520	-- inaccessible --
602c5524	-- inaccessible --
602c5528	-- inaccessible --
602c552c	-- inaccessible --
602c5530	-- inaccessible --
602c5534	-- inaccessible --
602c5538	-- inaccessible --
602c553c	-- inaccessible --
602c5540	-- inaccessible --
602c5544	-- inaccessible --
602c5548	-- inaccessible --
602c554c	-- inaccessible --
602c5550	-- inaccessible --
602c5554	-- inaccessible --
602c5558	-- inaccessible --
602c555c	-- inaccessible --
602c5560	-- inaccessible --
602c5564	-- inaccessible --
602c5568	-- inaccessible --
602c556c	-- inaccessible --
602c5570	-- inaccessible --
602c5574	-- inaccessible --
602c5578	-- inaccessible --
602c557c	-- inaccessible --
602c5580	-- inaccessible --
602c5584	-- inaccessible --
602c5588	-- inaccessible --
602c558c	-- inaccessible --
602c5590	-- inaccessible --
602c5594	-- inaccessible --
602c5598	-- inaccessible --
602c559c	-- inaccessible --
602c55a0	-- inaccessible --
602c55a4	-- inaccessible --
602c55a8	-- inaccessible --
602c55ac	-- inaccessible --
602c55b0	-- inaccessible --
602c55b4	-- inaccessible --
602c55b8	-- inaccessible --
602c55bc	-- inaccessible --
602c55c0	-- inaccessible --
602c55c4	-- inaccessible --
602c55c8	-- inaccessible --
602c55cc	-- inaccessible --
602c55d0	-- inaccessible --
602c55d4	-- inaccessible --
602c55d8	-- inaccessible --
602c55dc	-- inaccessible --
602c55e0	-- inaccessible --
602c55e4	-- inaccessible --
602c55e8	-- inaccessible --
602c55ec	-- inaccessible --
602c55f0	-- inaccessible --
602c55f4	-- inaccessible --
602c55f8	-- inaccessible --
602c55fc	-- inaccessible --
602c5600	-- inaccessible --
602c5604	-- inaccessible --
602c5608	-- inaccessible --
602c560c	-- inaccessible --
602c5610	-- inaccessible --
602c5614	-- inaccessible --
602c5618	-- inaccessible --
602c561c	-- inaccessible --
602c5620	-- inaccessible --
602c5624	-- inaccessible --
602c5628	-- inaccessible --
602c562c	-- inaccessible --
602c5630	-- inaccessible --
602c5634	-- inaccessible --
602c5638	-- inaccessible --
602c563c	-- inaccessible --
602c5640	-- inaccessible --
602c5644	-- inaccessible --
602c5648	-- inaccessible --
602c564c	-- inaccessible --
602c5650	-- inaccessible --
602c5654	-- inaccessible --
602c5658	-- inaccessible --
602c565c	-- inaccessible --
602c5660	-- inaccessible --
602c5664	-- inaccessible --
602c5668	-- inaccessible --
602c566c	-- inaccessible --
602c5670	-- inaccessible --
602c5674	-- inaccessible --
602c5678	-- inaccessible --
602c567c	-- inaccessible --

⇓ click on the title of a section to open or close it.

Disassembly of stack frame 1 at AcroForm.api + 0x48BFC2

608fbed8	c78424b800000004000000	mov dword ptr [esp+0B8h],4
608fbee3	50	push eax
608fbee4	8d4c2460	lea ecx,[esp+60h]
608fbee8	e86bba0800	call AcroForm!DllUnregisterServer+0x2d0bc6 (60987958)
608fbeed	8d442458	lea eax,[esp+58h]
608fbef1	c68424b400000005	mov byte ptr [esp+0B4h],5
608fbef9	50	push eax
608fbefa	8d4c2428	lea ecx,[esp+28h]
608fbefe	e86eb90800	call AcroForm!DllUnregisterServer+0x2d0adf (60987871)
608fbf03	6808f8d160	push offset AcroForm!DllUnregisterServer+0x668a76 (60d1f808)
608fbf08	8d442428	lea eax,[esp+28h]
608fbf0c	e963ffffff	jmp AcroForm!DllUnregisterServer+0x2450e2 (608fbe74)
608fbf11	6844460000	push 4644h
608fbf16	8d4c2428	lea ecx,[esp+28h]
608fbf1a	e8f715cbff	call AcroForm!PlugInMain+0xcd176 (605ad516)
608fbf1f	6a00	push 0
608fbf21	8d442428	lea eax,[esp+28h]
608fbf25	c78424b800000006000000	mov dword ptr [esp+0B8h],6
608fbf30	50	push eax
608fbf31	8d4c247c	lea ecx,[esp+7Ch]
608fbf35	e81eba0800	call AcroForm!DllUnregisterServer+0x2d0bc6 (60987958)
608fbf3a	8d442474	lea eax,[esp+74h]
608fbf3e	c68424b400000007	mov byte ptr [esp+0B4h],7
608fbf46	50	push eax
608fbf47	8d8c2494000000	lea ecx,[esp+94h]
608fbf4e	e81eb90800	call AcroForm!DllUnregisterServer+0x2d0adf (60987871)
608fbf53	6808f8d160	push offset AcroForm!DllUnregisterServer+0x668a76 (60d1f808)
608fbf58	8d842494000000	lea eax,[esp+94h]
608fbf5f	e910ffffff	jmp AcroForm!DllUnregisterServer+0x2450e2 (608fbe74)
608fbf64	8b8c24ac000000	mov ecx,dword ptr [esp+0ACh]
608fbf6b	64890d00000000	mov dword ptr fs:[0],ecx
608fbf72	59	pop ecx
608fbf73	5f	pop edi
608fbf74	5e	pop esi
608fbf75	5d	pop ebp
608fbf76	5b	pop ebx
608fbf77	81c4a4000000	add esp,0A4h
608fbf7d	c21800	ret 18h
608fbf80	55	push ebp
608fbf81	8bec	mov ebp,esp
608fbf83	56	push esi
608fbf84	ff7508	push dword ptr [ebp+8]
608fbf87	8bf1	mov esi,ecx
608fbf89	8b4e1c	mov ecx,dword ptr [esi+1Ch]
608fbf8c	e87cfaffff	call AcroForm!DllUnregisterServer+0x244c7b (608fba0d)
608fbf91	8b4d08	mov ecx,dword ptr [ebp+8]
608fbf94	50	push eax
608fbf95	50	push eax
608fbf96	e8ca240000	call AcroForm!DllUnregisterServer+0x2476d3 (608fe465)
608fbf9b	50	push eax
608fbf9c	e8df010000	call AcroForm!DllUnregisterServer+0x2453ee (608fc180)
608fbfa1	8b5614	mov edx,dword ptr [esi+14h]
608fbfa4	59	pop ecx
608fbfa5	03d0	add edx,eax
608fbfa7	8b4640	mov eax,dword ptr [esi+40h]
608fbfaa	59	pop ecx
608fbfab	8b4d14	mov ecx,dword ptr [ebp+14h]
608fbfae	895614	mov dword ptr [esi+14h],edx
608fbfb1	66d3e2	shl dx,cl
608fbfb4	8b4e34	mov ecx,dword ptr [esi+34h]
608fbfb7	0faf4d0c	imul ecx,dword ptr [ebp+0Ch]
608fbfbb	5e	pop esi
608fbfbc	034d10	add ecx,dword ptr [ebp+10h]
608fbfbf	c1e107	shl ecx,7
608fbfc2	66891401	mov word ptr [ecx+eax],dx // current instruction
608fbfc6	5d	pop ebp
608fbfc7	c21000	ret 10h
608fbfca	56	push esi
608fbfcb	57	push edi
608fbfcc	33f6	xor esi,esi
608fbfce	8bf9	mov edi,ecx
608fbfd0	8b4c240c	mov ecx,dword ptr [esp+0Ch]
608fbfd4	46	inc esi
608fbfd5	56	push esi
608fbfd6	e88a240000	call AcroForm!DllUnregisterServer+0x2476d3 (608fe465)
608fbfdb	85c0	test eax,eax
608fbfdd	741d	je AcroForm!DllUnregisterServer+0x24526a (608fbffc)
608fbfdf	8b5734	mov edx,dword ptr [edi+34h]
608fbfe2	0faf542410	imul edx,dword ptr [esp+10h]
608fbfe7	8b4740	mov eax,dword ptr [edi+40h]
608fbfea	8b4c2418	mov ecx,dword ptr [esp+18h]
608fbfee	66d3e6	shl si,cl
608fbff1	03542414	add edx,dword ptr [esp+14h]
608fbff5	c1e207	shl edx,7
608fbff8	66093402	or word ptr [edx+eax],si
608fbffc	5f	pop edi
608fbffd	5e	pop esi
608fbffe	c21000	ret 10h
608fc001	6aff	push 0FFFFFFFFh
608fc003	687ec4b060	push offset AcroForm!DllUnregisterServer+0x4556ec (60b0c47e)
608fc008	64a100000000	mov eax,dword ptr fs:[00000000h]
608fc00e	50	push eax
608fc00f	81ecd8000000	sub esp,0D8h
608fc015	a11093f460	mov eax,dword ptr [AcroForm!DllUnregisterServer+0x89257e (60f49310)]
608fc01a	33c4	xor eax,esp
608fc01c	898424d4000000	mov dword ptr [esp+0D4h],eax
608fc023	53	push ebx
608fc024	55	push ebp
608fc025	56	push esi
608fc026	57	push edi
608fc027	a11093f460	mov eax,dword ptr [AcroForm!DllUnregisterServer+0x89257e (60f49310)]
608fc02c	33c4	xor eax,esp
608fc02e	50	push eax
608fc02f	8d8424ec000000	lea eax,[esp+0ECh]
608fc036	64a300000000	mov dword ptr fs:[00000000h],eax
608fc03c	8bf9	mov edi,ecx
608fc03e	8b842404010000	mov eax,dword ptr [esp+104h]
608fc045	8b9c24fc000000	mov ebx,dword ptr [esp+0FCh]
608fc04c	8bac2400010000	mov ebp,dword ptr [esp+100h]
608fc053	6880000000	push 80h
608fc058	89442418	mov dword ptr [esp+18h],eax
608fc05c	8d44246c	lea eax,[esp+6Ch]
608fc060	6a00	push 0
608fc062	50	push eax

⇓ click on the title of a section to open or close it.

Disassembly of stack frame 2 at AcroForm.api + 0x48CA83

608fc9bf	e8defdc5ff	call AcroForm!PlugInMain+0x7c402 (6055c7a2)
608fc9c4	8a45f3	mov al,byte ptr [ebp-0Dh]
608fc9c7	e8ca24beff	call AcroForm+0x6ee96 (604dee96)
608fc9cc	c3	ret
608fc9cd	83ec18	sub esp,18h
608fc9d0	53	push ebx
608fc9d1	55	push ebp
608fc9d2	56	push esi
608fc9d3	57	push edi
608fc9d4	8bf1	mov esi,ecx
608fc9d6	e8f71a0000	call AcroForm!DllUnregisterServer+0x247740 (608fe4d2)
608fc9db	33ff	xor edi,edi
608fc9dd	837e6401	cmp dword ptr [esi+64h],1
608fc9e1	897c2418	mov dword ptr [esp+18h],edi
608fc9e5	0f8405010000	je AcroForm!DllUnregisterServer+0x245d5e (608fcaf0)
608fc9eb	33c9	xor ecx,ecx
608fc9ed	894c241c	mov dword ptr [esp+1Ch],ecx
608fc9f1	394e54	cmp dword ptr [esi+54h],ecx
608fc9f4	0f864c010000	jbe AcroForm!DllUnregisterServer+0x245db4 (608fcb46)
608fc9fa	33ed	xor ebp,ebp
608fc9fc	896c2414	mov dword ptr [esp+14h],ebp
608fca00	396e58	cmp dword ptr [esi+58h],ebp
608fca03	0f86d7000000	jbe AcroForm!DllUnregisterServer+0x245d4e (608fcae0)
608fca09	837e2400	cmp dword ptr [esi+24h],0
608fca0d	741d	je AcroForm!DllUnregisterServer+0x245c9a (608fca2c)
608fca0f	397e24	cmp dword ptr [esi+24h],edi
608fca12	7518	jne AcroForm!DllUnregisterServer+0x245c9a (608fca2c)
608fca14	8bce	mov ecx,esi
608fca16	e8b71a0000	call AcroForm!DllUnregisterServer+0x247740 (608fe4d2)
608fca1b	8bce	mov ecx,esi
608fca1d	e806fbffff	call AcroForm!DllUnregisterServer+0x245796 (608fc528)
608fca22	8b4c241c	mov ecx,dword ptr [esp+1Ch]
608fca26	33ff	xor edi,edi
608fca28	897c2418	mov dword ptr [esp+18h],edi
608fca2c	33db	xor ebx,ebx
608fca2e	395e64	cmp dword ptr [esi+64h],ebx
608fca31	0f8696000000	jbe AcroForm!DllUnregisterServer+0x245d3b (608fcacd)
608fca37	8b5668	mov edx,dword ptr [esi+68h]
608fca3a	8b7c2414	mov edi,dword ptr [esp+14h]
608fca3e	8b2c9a	mov ebp,dword ptr [edx+ebx*4]
608fca41	33c0	xor eax,eax
608fca43	89442410	mov dword ptr [esp+10h],eax
608fca47	8b6d08	mov ebp,dword ptr [ebp+8]
608fca4a	85ed	test ebp,ebp
608fca4c	746d	je AcroForm!DllUnregisterServer+0x245d29 (608fcabb)
608fca4e	8b149a	mov edx,dword ptr [edx+ebx*4]
608fca51	8b5204	mov edx,dword ptr [edx+4]
608fca54	89542424	mov dword ptr [esp+24h],edx
608fca58	0fafe9	imul ebp,ecx
608fca5b	33d2	xor edx,edx
608fca5d	89542420	mov dword ptr [esp+20h],edx
608fca61	03e8	add ebp,eax
608fca63	39542424	cmp dword ptr [esp+24h],edx
608fca67	763c	jbe AcroForm!DllUnregisterServer+0x245d13 (608fcaa5)
608fca69	8b4668	mov eax,dword ptr [esi+68h]
608fca6c	ff74242c	push dword ptr [esp+2Ch]
608fca70	8b0c98	mov ecx,dword ptr [eax+ebx*4]
608fca73	8b4104	mov eax,dword ptr [ecx+4]
608fca76	0fafc7	imul eax,edi
608fca79	03c2	add eax,edx
608fca7b	50	push eax
608fca7c	55	push ebp
608fca7d	56	push esi
608fca7e	e8fdf4ffff	call AcroForm!DllUnregisterServer+0x2451ee (608fbf80) // call
608fca83	8b4668	mov eax,dword ptr [esi+68h] // return address
608fca86	8b542420	mov edx,dword ptr [esp+20h]
608fca8a	42	inc edx
608fca8b	89542420	mov dword ptr [esp+20h],edx
608fca8f	8b0498	mov eax,dword ptr [eax+ebx*4]
608fca92	8b4004	mov eax,dword ptr [eax+4]
608fca95	89442424	mov dword ptr [esp+24h],eax
608fca99	3bd0	cmp edx,eax
608fca9b	72cc	jb AcroForm!DllUnregisterServer+0x245cd7 (608fca69)
608fca9d	8b4c241c	mov ecx,dword ptr [esp+1Ch]
608fcaa1	8b442410	mov eax,dword ptr [esp+10h]
608fcaa5	8b5668	mov edx,dword ptr [esi+68h]
608fcaa8	40	inc eax
608fcaa9	89442410	mov dword ptr [esp+10h],eax
608fcaad	8b049a	mov eax,dword ptr [edx+ebx*4]
608fcab0	8b6808	mov ebp,dword ptr [eax+8]
608fcab3	8b442410	mov eax,dword ptr [esp+10h]
608fcab7	3bc5	cmp eax,ebp
608fcab9	729d	jb AcroForm!DllUnregisterServer+0x245cc6 (608fca58)
608fcabb	43	inc ebx
608fcabc	3b5e64	cmp ebx,dword ptr [esi+64h]
608fcabf	0f8279ffffff	jb AcroForm!DllUnregisterServer+0x245cac (608fca3e)
608fcac5	8b7c2418	mov edi,dword ptr [esp+18h]
608fcac9	8b6c2414	mov ebp,dword ptr [esp+14h]
608fcacd	45	inc ebp
608fcace	47	inc edi
608fcacf	896c2414	mov dword ptr [esp+14h],ebp
608fcad3	897c2418	mov dword ptr [esp+18h],edi
608fcad7	3b6e58	cmp ebp,dword ptr [esi+58h]
608fcada	0f8229ffffff	jb AcroForm!DllUnregisterServer+0x245c77 (608fca09)
608fcae0	41	inc ecx
608fcae1	894c241c	mov dword ptr [esp+1Ch],ecx
608fcae5	3b4e54	cmp ecx,dword ptr [esi+54h]
608fcae8	0f820cffffff	jb AcroForm!DllUnregisterServer+0x245c68 (608fc9fa)
608fcaee	eb56	jmp AcroForm!DllUnregisterServer+0x245db4 (608fcb46)
608fcaf0	8b4668	mov eax,dword ptr [esi+68h]
608fcaf3	33db	xor ebx,ebx
608fcaf5	8b00	mov eax,dword ptr [eax]
608fcaf7	395828	cmp dword ptr [eax+28h],ebx
608fcafa	764a	jbe AcroForm!DllUnregisterServer+0x245db4 (608fcb46)
608fcafc	33ed	xor ebp,ebp
608fcafe	39682c	cmp dword ptr [eax+2Ch],ebp
608fcb01	7638	jbe AcroForm!DllUnregisterServer+0x245da9 (608fcb3b)
608fcb03	837e2400	cmp dword ptr [esi+24h],0
608fcb07	7415	je AcroForm!DllUnregisterServer+0x245d8c (608fcb1e)
608fcb09	397e24	cmp dword ptr [esi+24h],edi
608fcb0c	7510	jne AcroForm!DllUnregisterServer+0x245d8c (608fcb1e)
608fcb0e	8bce	mov ecx,esi
608fcb10	e8bd190000	call AcroForm!DllUnregisterServer+0x247740 (608fe4d2)
608fcb15	8bce	mov ecx,esi

⇓ click on the title of a section to open or close it.

BugId:	OOBW[0x200]+0 5ed.6ed
Location:	acrord32.exe!acroform.api+0x48BFC2
Description:	An Access Violation exception happened at 0x602C5000 while attempting to write memory at 0x602C5000; at the end of a 512/0x200 bytes heap block at 0x602C4E00. This indicates an Out-Of-Bounds (OOB) access bug was triggered.
Version:	AcroRd32.exe: 18.11.20035.2003 (x86) AcroForm.api: 18.11.20035.2003 (x86)
Security impact:	Potentially exploitable security issue that indicates arbitrary code execution may be possible.
Arguments:	['/n', 'OOBW0x48BFC2.pdf']

eax = 0x602C4E00	xmm0 = 0x4051C7AE147AE148
ebx = 0x1	xmm1 = 0x0
ecx = 0x200	xmm2 = 0x0
edx = 0x0	xmm3 = 0x0
esi = 0xBECFE8	xmm4 = 0x0
edi = 0x0	xmm5 = 0x0
esp = 0xBECB88	xmm6 = 0x402A5A00
ebp = 0xBECB88	xmm7 = 0x3EC05AEB

Image path	AcroRd32.exe
Image name	AcroRd32.exe
Timestamp	Fri Feb 2 20:19:02 2018 (5A74AB96)
CheckSum	00233D1F
ImageSize	0022F000
File version	18.11.20035.2003
Product version	18.11.20035.2003
File flags	0 (Mask 3F)
File OS	50004 CE Win32
File type	1.0 App
File date	00000000.00000000
Translations	0409.04e4
CompanyName	Adobe Systems Incorporated
ProductName	Adobe Acrobat Reader DC
OriginalFilename	AcroRd32.exe
ProductVersion	18.11.20035.264147
FileVersion	18.11.20035.264147
FileDescription	Adobe Acrobat Reader DC
LegalCopyright	Copyright 1984-2017 Adobe Systems Incorporated and its licensors. All rights reserved.

Loaded symbol image file	c:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\AcroForm.api
Image path	c:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\AcroForm.api
Image name	AcroForm.api
Timestamp	Fri Feb 2 20:09:08 2018 (5A74A944)
CheckSum	00000000
ImageSize	00CFB000
File version	18.11.20035.2003
Product version	18.11.20035.2003
File flags	0 (Mask 3F)
File OS	4 Unknown Win32
File type	2.0 Dll
File date	00000000.00000000
Translations	0409.04b0
CompanyName	Adobe Systems Incorporated
ProductName	Adobe Acrobat Forms
InternalName	AcroForm
OriginalFilename	AcroForm.api
ProductVersion	18.11.20035.264147
FileVersion	18.11.20035.264147
FileDescription	Adobe Acrobat Forms Plug-In
LegalCopyright	Copyright 1984-2017 Adobe Systems Incorporated and its licensors. All rights reserved.
LegalTrademarks	Adobe, Acrobat and the Acrobat logo are trademarks of Adobe Systems Incorporated which may be registered in certain jurisdictions.
Comments	The Acrobat Forms plug-in allows users to create dynamic electronic forms for fill-in and transmittal.

BugId OOBW[0x200]+0 5ed.6ed @ acrord32.exe!acroform.api+0x48BFC2 summary

Stack

Registers

Memory near access violation at 0x602C5000

Disassembly of stack frame 1 at AcroForm.api + 0x48BFC2

Disassembly of stack frame 2 at AcroForm.api + 0x48CA83

Binary information

AcroRd32.exe

AcroForm.api

Application and cdb output log