Microsoft KB Archive/234175

= XADM: Store Stops on Generating NDR or DR for Incoming Malformed Internet Message =

Article ID: 234175

Article Last Modified on 10/26/2006

-

APPLIES TO


 * Microsoft Exchange Server 5.0 Standard Edition
 * Microsoft Exchange Server 5.5 Standard Edition

-



This article was previously published under Q234175





SYMPTOMS
When an Internet user sends an SMIME message to an Exchange Server recipient and requests a delivery receipt (DR), the Exchange Server information store may stop responding with the following information in the Drwtsn32.log and User.dmp files: FramePtr RetAddr   Param1   Param2   Param3   Function Name 0e38f6dc 6fff1a40  3b67ca94 0e9a4b48 00000000 KERNEL32!InterlockedCompareExchange+0xc 0e38f6fc 6fff13c4  01050588 0e9a4b50 004062e5 EXCHMEM!MpHeapFree+0x50 0e38f708 004062e5  0e9a4b50 0041c3b4 0e9a4b50 EXCHMEM!ExchMHeapFree+0x14 0e38f710 0041c3b4  0e9a4b50 00633c9b 0e9a4b50 STORE!MDBFreePv+0xa 0e38f718 00633c9b  0e9a4b50 0e9b9990 0042a06b STORE!CIMailBaseVirtual::operator delete+0xa 0e38f724 0042a06b  00000001 00000000 0e9b9990 STORE!CIMailBaseVirtual::`scalar deleting destructor'+0x17 0e38f738 00438ad0  0e96dd10 00000000 0e9b9990 STORE!CmnContent::Clone+0x73 0e38f750 00441753  0e96dd10 00000000 00000000 STORE!CRFCMIMEemtr::HrUpdateContentNode+0x30 0e38f784 00440733  0e996018 00000400 0e38f7bc STORE!CRFCMIMEemtr::hrEndOfBody+0xe8 0e38f7ac 00438956  0e9cbf78 0e996018 00000000 STORE!CmcvtrBdy::hrEmit+0xca 0e38f7d4 00438895  0fb20fb0 00002000 0e38f860 STORE!CINETemtr::hrEmit+0x82 0e38f7f4 00405261  0105e034 0e9c5460 0e38f83c STORE!CConvertStream::Read+0x5b 0e38f820 0047b4c3  0e9b9928 0fb20fb0 00002000 STORE!MDB::PunkFromHsot+0x7e 0e38f83c 0047b436  00002000 0fb20fb0 0e38f860 STORE!EcReadStreamOp+0x4f 0e38f860 00406d35  00000007 0000001a 001f2a94 STORE!EcReadStream+0x5e 0e9c5524 00402111  00000000 0e9823d0 00000068 STORE!EcRpc+0x87b The information store may also stop responding and return an access violation if it creates a non-delivery report (NDR) on a specific type of incoming Internet message. Specifically, if the Send attachments Using HTML check box is selected in the Internet Mail Service, and a non-MIME message arrives that contains an incorrect user name and references to URLs in the message, the information store stops responding and returns an access violation. The preceding stack dump will also be found in the Drwtsn32.log and User.dmp files.



CAUSE
When the Exchange Server information store attempts to generate the DR, it incorrectly tries to free the same object twice. This results in an access violation, which causes the store to crash.



Exchange Server Version 5.0
A supported fix is now available from Microsoft, but it is only intended to correct the problem that is described in this article. Apply it only to computers that are experiencing this specific problem. This fix may receive additional testing. Therefore, if you are not severely affected by this problem, Microsoft recommends that you wait for the next Microsoft Exchange Server version 5.0 service pack that contains this hotfix.

To resolve this problem immediately, contact Microsoft Product Support Services to obtain the fix. For a complete list of Microsoft Product Support Services phone numbers and information about support costs, visit the following Microsoft Web site:

http://support.microsoft.com/default.aspx?scid=fh;EN-US;CNTACTMS

NOTE: In special cases, charges that are ordinarily incurred for support calls may be canceled if a Microsoft Support Professional determines that a specific update will resolve your problem. The typical support costs will apply to additional support questions and issues that do not qualify for the specific update in question.

The English version of this fix should have the following file attributes or later:

Component: Information Store

Exchange Server Version 5.5
To resolve this problem, obtain the latest service pack for Exchange Server version 5.5. For additional information, click the following article number to view the article in the Microsoft Knowledge Base:

191014 XGEN: How to Obtain the Latest Exchange Server 5.5 Service Pack

The English version of this fix should have the following file attributes or later:

Component: Information Store

NOTE: This fix requires the Directory fix described in the following Microsoft Knowledge Base article:

230285 XADM:'Denial of service' Vulnerability in Store with IMAP or POP3



STATUS
Microsoft has confirmed that this is a problem in Microsoft Exchange Server versions 5.0 and 5.5. This problem was first corrected in Exchange Server 5.5 Service Pack 3.

Keywords: kbhotfixserver kbqfe kbbug kbexchange500presp3fix kbfix kbqfe KB234175

-

[mailto:TECHNET@MICROSOFT.COM Send feedback to Microsoft]

© Microsoft Corporation. All rights reserved.