Consider the following scenario:
- An application or a service queries the HKEY_PERFORMANCE_DATA registry key for the value name “GLOBAL” on a computer that is running Windows Server 2008 or Windows Vista.
- The application or service enumerates the returned performance objects that are provided by the WmiApRpl.dll module. The number of performance objects that are to be accessed is determined by using the value of the NumObjectTypes variable in the returned PERF_DATA_BLOCK data.
In this scenario, the value of the NumObjectTypes variable may become larger than the actual number of performance objects in the buffer. When this occurs, the application or the service tries to read past the end of the buffer. This behavior causes an access violation exception, and then the application or the service crashes.