Article ID: 311486
Article Last Modified on 1/31/2007
APPLIES TO
- Microsoft Windows 2000 Service Pack 1
- Microsoft Windows 2000 Service Pack 2
- Microsoft Windows 2000 Advanced Server
- Microsoft Windows XP Home Edition
- Microsoft Windows XP Professional
This article was previously published under Q311486
SYMPTOMS
The versions of Windows listed at the beginning of this article contain the following vulnerability: a local program that passes invalid parameters that are smaller than the screen size causes an access violation (AV). As a result, Windows stops responding (crashes).
Sample Code
The following uncompiled sample code is known to cause this behavior:
#include <stdio.h>

int main(void)
{
    while(1)
        printf("\t\t\b\b\b\b\b\b");
    return 0;
}
CAUSE
This behavior occurs because Windows checks for invalid parameters that are larger than the screen size, but does not currently check for invalid parameters that are smaller than the screen size.
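The incomplete validation described above, shown as an added example in C. It is a simplified model, not Windows source code and not part of the original article; the coord_t type, the 80x25 dimensions and all function names are assumptions made for illustration.

```c
#include <stdio.h>

/* Constructed dimensions for this model; not taken from Windows. */
#define SCREEN_COLS 80
#define SCREEN_ROWS 25

typedef struct { short x, y; } coord_t;   /* hypothetical signed coordinate */

/* Upper bound only: the incomplete check described under CAUSE. */
int check_upper_only(coord_t c)
{
    return c.x < SCREEN_COLS && c.y < SCREEN_ROWS;
}

/* Both bounds: the lower-boundary check the update adds. */
int check_both_bounds(coord_t c)
{
    return c.x >= 0 && c.x < SCREEN_COLS && c.y >= 0 && c.y < SCREEN_ROWS;
}

/* Equivalent single comparison per axis: a negative value converted to
   unsigned is larger than any valid dimension. */
int check_unsigned(coord_t c)
{
    return (unsigned)c.x < (unsigned)SCREEN_COLS &&
           (unsigned)c.y < (unsigned)SCREEN_ROWS;
}

/* Row-major cell offset the coordinate would produce. */
long cell_offset(coord_t c)
{
    return (long)c.y * SCREEN_COLS + c.x;
}

/* 1 if `check` accepts a coordinate whose offset lies outside the buffer.
   Nothing is read or written; only the arithmetic is evaluated. */
int accepts_out_of_range(int (*check)(coord_t), coord_t c)
{
    long off = cell_offset(c);
    return check(c) && (off < 0 || off >= (long)SCREEN_COLS * SCREEN_ROWS);
}

int main(void)
{
    coord_t below = { -1, 0 };   /* constructed input: below the lower bound */
    printf("upper-only: %d\n", accepts_out_of_range(check_upper_only, below));
    printf("both:       %d\n", accepts_out_of_range(check_both_bounds, below));
    printf("unsigned:   %d\n", accepts_out_of_range(check_unsigned, below));
    return 0;
}
```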
RESOLUTION
Windows XP
To resolve this problem, obtain the latest service pack for Windows XP. For additional information, click the following article number to view the article in the Microsoft Knowledge Base:
322389 How to Obtain the Latest Windows XP Service Pack
The English-language version of this fix should have the following file attributes or later:
Date         Time   Version       Size      File name
----------------------------------------------------
02-Nov-2001  21:43  5.1.2600.19   272,384   Winsrv.dll
02-Nov-2001  21:43  5.1.2600.19   272,384   Winsrv.dll
Windows 2000
To resolve this problem, obtain the latest service pack for Windows 2000. For additional information, click the following article number to view the article in the Microsoft Knowledge Base:
260910 How to Obtain the Latest Windows 2000 Service Pack
The English-language version of this fix should have the following file attributes or later:
Date         Time   Version         Size        File name
----------------------------------------------------------
05-Nov-2001  18:57  5.0.2195.4572     222,480   Gdi32.dll
05-Nov-2001  18:57  5.0.2195.4272     731,920   Kernel32.dll
25-Jun-2001  18:17  3.10.0.103         47,808   User.exe
05-Nov-2001  18:57  5.0.2195.4314     402,192   User32.dll
05-Nov-2001  18:57  5.0.2195.4345     371,984   Userenv.dll
27-Sep-2001  15:00  5.0.2195.4426   1,731,536   Win32k.sys
30-Oct-2001  18:17  5.0.2195.4575     178,960   Winlogon.exe
05-Nov-2001  18:58  5.0.2195.4553     243,472   Winsrv.dll
05-Nov-2001  18:58  5.0.2195.4272     731,920   Kernel32.dll
05-Nov-2001  18:58  5.0.2195.4426   1,731,536   Win32k.sys
05-Nov-2001  18:58  5.0.2195.4553     243,472   Winsrv.dll
STATUS
Microsoft has confirmed that this is a problem in the Microsoft products that are listed at the beginning of this article. This problem was first corrected in Microsoft Windows 2000 Service Pack 3 (SP3) and Microsoft Windows XP Service Pack 1 (SP1).
MORE INFORMATION
This update causes Windows to check lower boundaries. The Winsrv.dll file is directly affected by this update, but the following files are included because of dependency issues:
- User.exe
- User32.dll
- Win32k.sys
- Gdi32.dll
- Userenv.dll
- Kernel32.dll
- Winlogon.exe