MAPIInitialize/MAPILogonEx/OpenMsgStore crashes when the available virtual memory of the calling process is in a specific range | Joachim De Zutter
August 2016

Affected software:
Microsoft Office 2013 15.0.4420.1017 (32-bit)
Microsoft Office 2016 16.0.7070.2033 (32-bit)
Microsoft Office 2016 16.0.7070.2036 (32-bit)
Microsoft Office 2016 16.0.7167.2040 (32-bit)

Crashes have been reproducible on:
Windows 8.1
Windows 10 Pro (64-bit)

To reproduce the crashes, modify the MFCMAPI (32-bit) code by inserting the following code into the function with signature void CMapiObjects::MAPILogonEx(_In_ HWND hwnd, _In_opt_z_ LPTSTR szProfileName, ULONG ulFlags) in file MAPIObjects.cpp, before the call to MAPIInitialize:
    // Deliberately leak 1 MB blocks until the available virtual memory
    // (in MB) is no longer above MAGIC, or until an allocation fails.
    MEMORYSTATUSEX statex = { 0 };
    statex.dwLength = sizeof (statex);
    void *c;
    do {
        c = malloc(1024 * 1024);
        if (!GlobalMemoryStatusEx(&statex)) {
            break; // memory status unavailable: stop instead of testing stale data
        }
        // ullAvailVirtual is a 64-bit value, so print it with %llu
        DebugPrint(DBGGeneric, L"Available virtual memory = %llu\n", (statex.ullAvailVirtual / (1024 * 1024)));
    } while (c != 0 && (statex.ullAvailVirtual / (1024 * 1024)) > MAGIC);

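MAGIC should be defined as a specific number: the threshold, in MB of available virtual memory, at which the loop stops allocating. The results below are listed by that number.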

MS Office 2016 16.0.7167.2040 on Windows 8.1

99 when clicking Session - Logon:
crash during MAPIInitialize:
Unhandled exception at 0x7EEAF2D3 (OLMAPI32.DLL) in MFCMapi.exe : 0xC0000005 : Access violation writing location 0x00000000.

99
Unhandled exception at 0x76784598 (KernelBase.dll) in MFCMapi.exe : 0xC06D007E : Module not found(parameters : 0x0156F4F8).

0 - 97 when clicking Session - Logon: no crashes:
MAPIInitialize failed with error 0x80004005 == MAPI_E_CALL_FAILED.

MS Office 2016 16.0.7167.2040 on Windows 10 Pro

401 - 512 no crashes / no errors

378, 379, 380, 384, 392, 400 when clicking Session - Logon and double-clicking on an e-mail address:
crash during OpenMsgStore:
Unhandled exception at 0x77B16D79 (ntdll.dll) in MFCMapi.exe: 0xC0000005: Access violation writing location 0x00000014.

378 when clicking Session - Logon:
Unhandled exception at 0x7517DAE8 (KernelBase.dll) in MFCMapi.exe: 0xC06D007E: Module not found (parameters: 0xFF19EC38).

312, 320, 360, 372 when clicking Session - Logon and double-clicking on an e-mail address:
OpenMsgStore failed with MAPI_E_EXTENDED_ERROR == 0x80040119

320 when clicking Session - Logon:
Unhandled exception at 0x7517DAE8 (KernelBase.dll) in MFCMapi.exe: 0xC06D007E: Module not found (parameters: 0x0030F010).

320 when clicking Session - Logon:
Unhandled exception at 0x7517DAE8 (KernelBase.dll) in MFCMapi.exe: 0xC06D007E: Module not found (parameters: 0x0050ED48).

308 when clicking Session - Logon:
Unhandled exception at 0x7517DAE8 (KernelBase.dll) in MFCMapi.exe: 0xC06D007E: Module not found (parameters: 0xFF89EAE8).

304 when clicking Session - Logon:
crash during MAPILogonEx:
Unhandled exception at 0xF7DF5743 (MSO.DLL) in MFCMapi.exe: 0xC0000005: Access violation writing location 0x00000000.

288 when clicking Session - Logon:
crash during MAPILogonEx:
Unhandled exception at 0xF88C5743 (MSO.DLL) in MFCMapi.exe: 0xC0000005: Access violation writing location 0x00000000.

256 when clicking Session - Logon:
crash during MAPILogonEx:
Unhandled exception at 0xFA875743 (MSO.DLL) in MFCMapi.exe: 0xC0000005: Access violation writing location 0x00000000.

256 when clicking Session - Logon:
crash during MAPILogonEx:
Unhandled exception at 0xFAC15743 (MSO.DLL) in MFCMapi.exe: 0xC0000005: Access violation writing location 0x00000000.

192 when clicking Session - Logon:
crash during MAPIInitialize:
Unhandled exception at 0xFCCAF2D3 (OLMAPI32.DLL) in MFCMapi.exe: 0xC0000005: Access violation writing location 0x00000000.

176 when clicking Session - Logon:
crash during MAPIInitialize:
Unhandled exception at 0xFDE9F2D3 (OLMAPI32.DLL) in MFCMapi.exe: 0xC0000005: Access violation writing location 0x00000000.

168 when clicking Session - Logon:
crash during MAPIInitialize:
Unhandled exception at 0xFE1FF2D3 (OLMAPI32.DLL) in MFCMapi.exe: 0xC0000005: Access violation writing location 0x00000000.

164 when clicking Session - Logon:
crash during MAPIInitialize:
Unhandled exception at 0xFE3BF2D3 (OLMAPI32.DLL) in MFCMapi.exe: 0xC0000005: Access violation writing location 0x00000000.

163 when clicking Session - Logon:
crash during MAPIInitialize:
Unhandled exception at 0xFE6CF2D3 (OLMAPI32.DLL) in MFCMapi.exe: 0xC0000005: Access violation writing location 0x00000000.

162 when clicking Session - Logon:
MAPIInitialize failed with error 0x80004005 == MAPI_E_CALL_FAILED.
Unhandled exception at 0x7517DAE8 (KernelBase.dll) in MFCMapi.exe: 0xC06D007E: Module not found (parameters: 0x004FF458).

0 - 162 when clicking Session - Logon: no crashes:
MAPIInitialize failed with error 0x80004005 == MAPI_E_CALL_FAILED.
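
The exception lines above can be de-duplicated into crash buckets. This is an added example, not part of the original report: it groups the lines by module, exception code and the low 16 bits of the faulting address, which stay the same across runs of one build of a module because Windows rebases images on 64 KB boundaries. The function names and record fields are illustrative, and the sample is an excerpt of the Windows 10 results with the headers shortened to the bare numbers.

```python
import re
from collections import defaultdict

# Excerpt of the Windows 10 results above; headers shortened to the bare numbers.
SAMPLE = """\
378, 379, 380, 384, 392, 400
Unhandled exception at 0x77B16D79 (ntdll.dll) in MFCMapi.exe: 0xC0000005: Access violation writing location 0x00000014.
304
Unhandled exception at 0xF7DF5743 (MSO.DLL) in MFCMapi.exe: 0xC0000005: Access violation writing location 0x00000000.
256
Unhandled exception at 0xFA875743 (MSO.DLL) in MFCMapi.exe: 0xC0000005: Access violation writing location 0x00000000.
192
Unhandled exception at 0xFCCAF2D3 (OLMAPI32.DLL) in MFCMapi.exe: 0xC0000005: Access violation writing location 0x00000000.
163
Unhandled exception at 0xFE6CF2D3 (OLMAPI32.DLL) in MFCMapi.exe: 0xC0000005: Access violation writing location 0x00000000.
320
Unhandled exception at 0x7517DAE8 (KernelBase.dll) in MFCMapi.exe: 0xC06D007E: Module not found (parameters: 0x0030F010).
"""

EXC = re.compile(r"Unhandled exception at 0x([0-9A-Fa-f]{8}) \(([^)]+)\) in \S+\s*:\s*"
                 r"0x([0-9A-Fa-f]{8})\s*:\s*(.*)")
WRITE = re.compile(r"writing location 0x([0-9A-Fa-f]{8})")

def parse(text):
    """Return one record per exception line, tagged with the numbers heading it."""
    records, current = [], []
    for line in text.splitlines():
        if line[:1].isdigit():                  # header: "304 when ..." or "378, 379, ..."
            current = [int(n) for n in re.findall(r"\d+", line.split(" when")[0])]
            continue
        m = EXC.search(line)
        if not m:
            continue                            # "crash during ...", "... failed with ..."
        ip, module, code, msg = m.groups()
        w = WRITE.search(msg)
        records.append({
            "thresholds": current, "module": module.upper(), "code": int(code, 16),
            "site": int(ip, 16) & 0xFFFF,       # low 16 bits survive 64 KB-aligned rebasing
            "near_null": bool(w) and int(w.group(1), 16) < 0x10000})  # write into first 64 KB
    return records

def bucket(records):
    """Group records that share module, exception code and low 16 address bits."""
    groups = defaultdict(set)
    for r in records:
        groups[(r["module"], r["code"], r["site"])].update(r["thresholds"])
    return {key: sorted(values) for key, values in groups.items()}

print(bucket(parse(SAMPLE)))
```

The six sample lines collapse into four buckets. The low-16-bit key only compares within one build of a module, so results from different Office or Windows builds should be bucketed separately.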