Microsoft KB Archive/311486

= A Program that Passes Invalid Screen Size Parameters Causes an Access Violation =

Article ID: 311486

Article Last Modified on 1/31/2007


APPLIES TO


 * Microsoft Windows 2000 Service Pack 1
 * Microsoft Windows 2000 Service Pack 2
 * Microsoft Windows 2000 Advanced Server
 * Microsoft Windows XP Home Edition
 * Microsoft Windows XP Professional




This article was previously published under Q311486



SYMPTOMS
The versions of Windows listed at the beginning of this article contain the following vulnerability: a local program that passes invalid parameters that are smaller than the screen size causes an access violation (AV). As a result, Windows stops responding (crashes).

Sample Code
The following uncompiled sample code is known to cause this behavior:
 #include <stdio.h>
 
 int main(void)
 {
     /* Repeatedly write two tabs followed by six backspaces to the console. */
     while (1)
         printf("\t\t\b\b\b\b\b\b");
     return 0;
 }



CAUSE
This behavior occurs because Windows checks invalid parameters that are larger than the screen size, but does not currently check invalid parameters that are smaller than the screen size.
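The difference between the one-sided check described above and a check of both bounds, as an added example that is not Microsoft's code and not part of the original article. It is a simplified model: the 80x25 grid, the type pos_t and the functions valid_upper_only, valid_both and count_escapes are hypothetical names, and the input is constructed.

```c
#include <stddef.h>
#include <stdio.h>

/* Hypothetical model: an 80x25 character grid addressed by signed coordinates. */
enum { COLS = 80, ROWS = 25 };
typedef struct { int x, y; } pos_t;

/* One-sided check: rejects only positions past the right or bottom edge. */
static int valid_upper_only(pos_t p)
{
    return p.x < COLS && p.y < ROWS;
}

/* Two-sided check: also rejects positions left of or above the grid. */
static int valid_both(pos_t p)
{
    return p.x >= 0 && p.x < COLS && p.y >= 0 && p.y < ROWS;
}

/*
 * Apply relative cursor moves from the origin and count the accepted
 * positions whose cell offset falls outside [0, COLS * ROWS). The offset
 * is only computed and range-tested; no memory is accessed through it.
 */
static int count_escapes(const pos_t *moves, size_t n, int (*valid)(pos_t))
{
    pos_t cur = {0, 0};
    int escapes = 0;
    for (size_t i = 0; i < n; i++) {
        pos_t next = { cur.x + moves[i].x, cur.y + moves[i].y };
        if (!valid(next))
            continue;                 /* rejected: cursor does not move */
        cur = next;
        long off = (long)cur.y * COLS + cur.x;
        if (off < 0 || off >= (long)COLS * ROWS)
            escapes++;
    }
    return escapes;
}

/* Constructed input: right 2, left 6 (below zero), then far past the right edge. */
static const pos_t SAMPLE[] = { {2, 0}, {-6, 0}, {200, 0} };

int main(void)
{
    size_t n = sizeof SAMPLE / sizeof SAMPLE[0];
    printf("upper-only: %d\n", count_escapes(SAMPLE, n, valid_upper_only));
    printf("two-sided:  %d\n", count_escapes(SAMPLE, n, valid_both));
    return 0;
}
```

With the one-sided check the move to column -4 is accepted and yields a negative cell offset, while the oversized move is rejected by both checks.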



Windows XP
To resolve this problem, obtain the latest service pack for Windows XP. For additional information, click the following article number to view the article in the Microsoft Knowledge Base:

322389 How to Obtain the Latest Windows XP Service Pack

The English-language version of this fix should have the following file attributes or later:

 Date         Time   Version      Size     File name
 ---------------------------------------------------
 02-Nov-2001  21:43  5.1.2600.19  272,384  Winsrv.dll
 02-Nov-2001  21:43  5.1.2600.19  272,384  Winsrv.dll

Windows 2000
To resolve this problem, obtain the latest service pack for Windows 2000. For additional information, click the following article number to view the article in the Microsoft Knowledge Base:

260910 How to Obtain the Latest Windows 2000 Service Pack

The English-language version of this fix should have the following file attributes or later:

 Date         Time   Version        Size       File name
 ----------------------------------------------------------
 05-Nov-2001  18:57  5.0.2195.4572    222,480  Gdi32.dll
 05-Nov-2001  18:57  5.0.2195.4272    731,920  Kernel32.dll
 25-Jun-2001  18:17  3.10.0.103        47,808  User.exe
 05-Nov-2001  18:57  5.0.2195.4314    402,192  User32.dll
 05-Nov-2001  18:57  5.0.2195.4345    371,984  Userenv.dll
 27-Sep-2001  15:00  5.0.2195.4426  1,731,536  Win32k.sys
 30-Oct-2001  18:17  5.0.2195.4575    178,960  Winlogon.exe
 05-Nov-2001  18:58  5.0.2195.4553    243,472  Winsrv.dll
 05-Nov-2001  18:58  5.0.2195.4272    731,920  Kernel32.dll
 05-Nov-2001  18:58  5.0.2195.4426  1,731,536  Win32k.sys
 05-Nov-2001  18:58  5.0.2195.4553    243,472  Winsrv.dll



STATUS
Microsoft has confirmed that this is a problem in the Microsoft products that are listed at the beginning of this article. This problem was first corrected in Microsoft Windows 2000 Service Pack 3 (SP3) and Microsoft Windows XP Service Pack 1 (SP1).



MORE INFORMATION
This update causes Windows to check lower boundaries. The Winsrv.dll file is directly affected by this update, but the following files are included because of dependency issues:

 * User.exe
 * User32.dll
 * Win32k.sys
 * Gdi32.dll
 * Userenv.dll
 * Kernel32.dll
 * Winlogon.exe

Additional query words: kbShell

Keywords: kbbug kbfix kbshell kbwin2000presp3fix kbqfe kbwin2000sp3fix kbsecurity kbwinxpsp1fix kbhotfixserver KB311486


© Microsoft Corporation. All rights reserved.