RTHDCPL.EXE – Illegal System DLL relocation

A few users have approached me this week reporting this problem with their Windows XP Service Pack 2 computers. It seems that after receiving an update from Microsoft they are getting an error similar to:

“The system DLL user32.dll was relocated in memory. The application will not run properly. The relocation occured because the DLL C:\WINDOWS\syste32\HHCTRL.OCX occupied an address range reserved for Windows system DLLs. The vendor supplying the DLL contacted for a new DLL.”

The following Microsoft Knowledge Base Article leads to an update to fix this: MS07-017: Vulnerability in GDI could allow remote code execution.

The cause of the problem is described as “The Hhctrl.ocx file that is included in security update 928843 and the User32.dll file that is included in security update 925902 have conflicting base addresses. This problem occurs if a program loads the Hhctrl.ocx file before the program loads the User32.dll file. Microsoft has confirmed that this problem affects the following third-party applications.” and the actual fix is to install Microsoft Security Update 935448  titled Certain programs may not start, and you receive an error message on a computer that is running Windows XP Service Pack 2: “Illegal System DLL Relocation”

Related

• Dealing with event 4292 on the IPSec Service
• Dealing with Exchange 2007 Recipient Update Service
• Exchange 2007 installation readiness check
• Dealing with inconsistent state error in Exchange 2007
• Dealing with Event ID 1000 UserEnv