Executable with a Specially-Malformed Image Header May Crash Windows NT

ID: Q234557

The information in this article applies to:

Microsoft Windows NT Workstation versions 4.0, 4.0 SP1, 4.0 SP2, 4.0 SP3, 4.0 SP4
Microsoft Windows NT Server versions 4.0, 4.0 SP1, 4.0 SP2, 4.0 SP3, 4.0 SP4
Microsoft Windows NT Server, Enterprise Edition versions 4.0, 4.0 SP4
Microsoft Windows NT Server version 4.0, Terminal Server Edition

SYMPTOMS

If an executable file with a specially-malformed image header is executed, it will cause a system failure and you may receive the following STOP error message on a blue screen:

STOP 0x0000000A IRQ_not_less_or_equal

or

STOP 0x00000050 PAGE_FAULT_IN_NON_PAGED_AREA

RESOLUTION

Windows NT

To resolve this problem, obtain the latest service pack for Windows NT 4.0 or the individual fix. For information on obtaining the latest service pack, please go to:

http://www.microsoft.com/Windows/ServicePacks/

Q152734 How to Obtain the Latest Windows NT 4.0 Service Pack

For information on obtaining the individual fix, contact Microsoft Product Support Services. For a complete list of Microsoft Product Support Services phone numbers and information on support costs, please go to the following address on the World Wide Web:

http://www.microsoft.com/support/supportnet/overview/overview.asp

This hotfix has been posted to the following Internet location as Krnlifxi.exe (x86) and Krnlifxa.exe (Alpha):

ftp://ftp.microsoft.com/bussys/winnt/winnt-public/fixes/usa/nt40/Hotfixes-PostSP4/Kernel-fix/

Terminal Server

A supported fix that corrects this problem is now available from Microsoft, but it has not been fully regression tested and should be applied only to systems experiencing this specific problem. If you are not severely affected by this specific problem, Microsoft recommends that you wait for the next Windows NT 4.0, Terminal Server Edition service pack that contains this fix.

To resolve this problem immediately, contact Microsoft Product Support Services to obtain the fix. For a complete list of Microsoft Product Support Services phone numbers and information on support costs, please go to the following address on the World Wide Web:

http://www.microsoft.com/support/supportnet/overview/overview.asp

The English version of this fix should have the following file attributes or later:


   Date       Time     Size        File name      Platform
   -------------------------------------------------------------
   06/07/99   06:46p     365,840   Ntdll.dll      x86
   06/19/99   04:40p     992,448   Ntkrnlmp.exe   x86
   06/19/99   04:39p     971,584   Ntoskrnl.exe   x86

   06/03/99   01:19p     611,600   Ntdll.dll      Alpha
   06/19/99   04:43p   1,461,504   Ntkrnlmp.exe   Alpha
   06/19/99   04:43p   1,459,712   Ntoskrnl.exe   Alpha

This hotfix has been posted to the following Internet location as Krnlifxi.exe (x86) and Krnlifxa.exe (Alpha):

ftp://ftp.microsoft.com/bussys/winnt/winnt-public/fixes/usa/nt40tse/Hotfixes-PostSP4/Kernel-fix/

NOTE: If this product was already installed on your computer when you purchased it from the Original Equipment Manufacturer (OEM) and you need this fix, please call the Pay Per Incident number listed on the above Web site. If you contact Microsoft to obtain this fix, and if it is determined that you only require the fix you requested, no fee will be charged. However, if you request additional technical support, and if your no-charge technical support period has expired, or if you are not eligible for standard no-charge technical support, you may be charged a non-refundable fee.

For more information about eligibility for no-charge technical support, see the following article in the Microsoft Knowledge Base:

Q154871 Determining If You Are Eligible for No-Charge Technical Support

STATUS

Windows NT 4.0

Microsoft has confirmed this to be a problem in Windows NT 4.0. This problem was first corrected in Windows NT 4.0 Service Pack 5.

Terminal Server

Microsoft has confirmed this to be a problem in Windows NT Server 4.0, Terminal Server Edition.

MORE INFORMATION

This error condition does not affect Microsoft Windows 95 or Microsoft Windows 98.

For related information on this problem, please visit the Web site at:

http://www.microsoft.com/security/bulletins/MS99-023.asp

For additional security-related information about Microsoft products, please visit the Web site at:

http://www.microsoft.com/security/

Additional query words: DoS denial of service


Keywords          : ntstop ntsecurity kbbug4.00 kbfix4.00 nt4sp5fix 
Version           : winnt:4.0,4.0 SP1,4.0 SP2,4.0 SP3,4.0 SP4
Platform          : winnt 
Issue type        : kbbug

Last Reviewed: July 2, 1999