[Bug] mapi32.dll and logged-in users

Started by fixer, August 09, 2017, 11:39:13 PM

Previous topic - Next topic

fixer

Some API functions from mapi32.dll, e.g. MAPISendMail and Send as attachment feature in Office that utilizes this function can crash the program. During DLL loading to send a mail the function communicates with State Repository Service, which looks for extension by category. By user and category, to be precise. If some non logged-in user (I don't mean just ReHIPS user here, any user other than logged-in user) calls this function, this user isn't found in a service list of users, the search fails and returns error. But mapi32.dll function doesn't check for error, it dereferences the null pointer instead crashing the program.

It was found just a couple of weeks ago, this bug was recently added with one of Windows 10 updates. So there is some hope, it'll be fixed soon.