Microsoft PowerToys version
0.96.1
Installation method
GitHub
Area(s) with issue?
PowerRename
Steps to reproduce
A critical buffer overflow vulnerability has been identified in Microsoft PowerToys PowerRename utility (version 0.96.x and potentially earlier versions). The vulnerability occurs when processing an unusually large number of files (30,000+), causing a silent application crash with exception code 0xc000027b.
Step 1: Create Test Environment
```powershell
# Create test directory
New-Item -ItemType Directory -Path "C:\BufferOverflowTest" -Force
Set-Location "C:\BufferOverflowTest"
```
Step 2: Generate Large Number of Files
```powershell
# Generate 30,000+ files with varying name lengths
for ($i = 1; $i -le 35000; $i++) {
    $fileName = "test_file_" + $i.ToString("D5") + "_with_long_suffix_to_increase_memory_usage"
    $null | Out-File -FilePath "$fileName.txt" -Encoding utf8
    # Progress indicator every 1000 files
    if ($i % 1000 -eq 0) {
        Write-Host "Created $i files..."
    }
}
Write-Host "File generation complete: 35,000 files created"
```
Step 3: Trigger the Vulnerability
- Open Windows Explorer and navigate to `C:\BufferOverflowTest`
- Select all files (Ctrl+A)
- Right-click and select "PowerRename"
- In the PowerRename window, enter:
  - Search for: `test`
  - Replace with: `renamed`
- Click "Apply" or "Rename"
✔️ Expected Behavior
no crash
❌ Actual Behavior
crash
Additional Information
No response
Other Software
No response
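Added triage check, not part of the report above or of the PowerToys project: a PowerShell script that reads the Application Error records (event ID 1000) Windows writes when a process crashes, prints the faulting module, exception code and fault offset for anything mentioning PowerRename, and lists the Windows Error Reporting folders that hold the minidump. Exception code 0xc000027b is STATUS_STOWED_EXCEPTION, the code Windows logs for an unhandled exception inside a WinRT/XAML component, so the faulting module and the dump, rather than the code alone, are what show whether the fault is memory corruption or an ordinary unhandled exception. Assumed: the crash was reproduced on this machine within the last 24 hours, and the crashing process or faulting module name contains "PowerRename".

```powershell
# Added triage helper, not part of the bug report. Assumes the crash was reproduced on
# this machine within the last $Hours hours and that the crashing process or faulting
# module name contains "PowerRename" (when launched from the context menu the crashing
# process may be explorer.exe with the PowerRename module as the faulting module).
param(
    [int]$Hours = 24,
    [string]$ExceptionCode = '0xc000027b'   # code quoted in the report
)

$since = (Get-Date).AddHours(-$Hours)
$events = Get-WinEvent -FilterHashtable @{
    LogName      = 'Application'
    ProviderName = 'Application Error'
    Id           = 1000
    StartTime    = $since
} -ErrorAction SilentlyContinue

# Event 1000 data fields, in order: app name, app version, app timestamp, module name,
# module version, module timestamp, exception code, fault offset, process id, ...
$wanted = $ExceptionCode -replace '^0x', ''
$hits = foreach ($e in $events) {
    $p = @($e.Properties | ForEach-Object { [string]$_.Value })
    if ($p.Count -lt 8) { continue }
    if (($p[0] + ' ' + $p[3]) -notmatch 'PowerRename') { continue }
    $code = $p[6] -replace '^0x', ''
    [pscustomobject]@{
        Time           = $e.TimeCreated
        Application    = $p[0]
        AppVersion     = $p[1]
        FaultingModule = $p[3]
        ExceptionCode  = $code
        FaultOffset    = $p[7]
        MatchesReport  = ($code -ieq $wanted)   # true when it is the 0xc000027b crash
    }
}

if (-not $hits) {
    Write-Host "No Application Error events mentioning PowerRename in the last $Hours hours."
    return
}
$hits | Sort-Object Time -Descending | Format-Table -AutoSize

# WER keeps a minidump per crash in a report folder; the dump shows the faulting stack,
# which is what separates a memory-safety fault from an unhandled exception.
foreach ($dir in 'ReportArchive', 'ReportQueue') {
    $path = Join-Path $env:LOCALAPPDATA "Microsoft\Windows\WER\$dir"
    Get-ChildItem $path -Directory -ErrorAction SilentlyContinue |
        Where-Object { $_.Name -match 'PowerRe' -and $_.LastWriteTime -ge $since } |
        Select-Object FullName, LastWriteTime
}
```

Run it in an elevated PowerShell after reproducing the crash; the `MatchesReport` column marks events whose exception code equals the one in the report.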