Microsoft KB Archive Search

Notice: This website is an unofficial Microsoft Knowledge Base (hereinafter KB) archive and is intended to provide a reliable access to deleted content from Microsoft KB. All KB articles are owned by Microsoft Corporation. Read full disclaimer for more details.

  1. Home
  2. XADM: Store May Crash When User Accepts Meeting Request in Outlook Web Access

XADM: Store May Crash When User Accepts Meeting Request in Outlook Web Access

View products that this article applies to.

This article was previously published under Q305370

↑ Back to the top

Symptoms

When a user accepts a meeting request in Outlook Web Access (OWA), the store may stop responding (crash) with the following call stack: 
ChildEBP RetAddr Args to Child 
68e5d340 61246991 0d0c2798 00005dd2 68e5d594 EXCHMEM!ExchMHeapFree+0x80
68e5d39c 612555d5 0c8ea880 68e5d594 1292a340 EXCDO!HrSyncCdoOlFBCOnCreateSingle+0x486
68e5d3c8 61254791 68e5d6b0 00000000 00000000 EXCDO!HrSyncCdoOlFBC+0xad
68e5d420 61254ae3 0000ffff 00000000 68e5d594 EXCDO!CExpStatus__HrFBPublish+0x2e7 
68e5d448 61254912 00000001 00000000 1fffffff EXCDO!CExpStatus___HrUpdateFB+0x4b2 
68e5d46c 6123a168 00000001 00000000 00000001 EXCDO!CExpStatus__HrUpdateFB+0x26
68e5d490 61270624 00000000 68e5d6b0 00000000 EXCDO!CExpStatus__HrSaveSingle+0xee 
230a91e0 00470ac0 23555498 236cd184 236cd018 EXCDO!HrSavingAppt+0x5b2 
230a92bc 00650072 00610077 006c006c 0031002d store!EcSortAttachlist+0x11e

↑ Back to the top

Cause

The problem is that Exchange 2000 allocates a buffer for the new Microsoft Outlook cache based on the header size, but later when saving the appointment, Exchange 2000 copies the amount of data based on the SPropValue size. The problem comes in when the header size is smaller than the SPropValue size. When this condition occurs, Exchange 2000 copies more data to the target memory location than was allocated, which overruns the buffer.

↑ Back to the top

Resolution

To resolve this issue, before Exchange 2000 copies to the target memory location, it compares the header value with the SPropValue size. If they are different, Exchange 2000 regenerates the cache and synchronizes the values.

A supported hotfix is available from Microsoft. However, this hotfix is intended to correct only the problem that is described in this article. Apply this hotfix only to systems that are experiencing this specific problem.

If the hotfix is available for download, there is a "Hotfix download available" section at the top of this Knowledge Base article. If this section does not appear, submit a request to Microsoft Customer Service and Support to obtain the hotfix.

Note If additional issues occur or if any troubleshooting is required, you might have to create a separate service request. The usual support costs will apply to additional support questions and issues that do not qualify for this specific hotfix. For a complete list of Microsoft Customer Service and Support telephone numbers or to create a separate service request, visit the following Microsoft Web site:
http://support.microsoft.com/contactus/?ws=support
Note The "Hotfix download available" form displays the languages for which the hotfix is available. If you do not see your language, it is because a hotfix is not available for that language. The English version of this fix should have the following file attributes or later:

Component: CDO

Collapse this tableExpand this table
File nameVersion
Store.exe6.0.4720.43
Jcb.dll6.0.4720.43
Exoledb.dll6.0.4720.43
Excdo.dll6.0.4720.43
Mdbsz.dll6.0.4720.43

NOTE: Due to file dependencies, this update requires Microsoft Exchange Server 2000 Service Pack 1.

↑ Back to the top

Status

Microsoft has confirmed that this is a problem in Microsoft Exchange 2000 Server.

↑ Back to the top

Keywords: KB305370, kbqfe, kbfix, kbexchange2000presp2fix, kbbug, kbhotfixserver, kbautohotfix

↑ Back to the top

Article Info
Article ID : 305370
Revision : 7
Created on : 2/19/2007
Published on : 2/19/2007
Exists online : False
Views : 290