
HyperTerminal Buffer Overflow



Vulnerability

    HyperTerminal

Affected

    Win2000 (all versions), Me, 98 and 98SE

Description

    The USSR Team has found a buffer overflow in the HyperTerminal
    telnet client, in the code that processes Telnet URLs, that can
    enable an attacker to execute arbitrary code on another user's
    system.  If a user opens an e-mail that contains HTML and a
    malformed Telnet URL, a buffer overrun will enable the creator of
    the mail to cause arbitrary code to be run on the user's system.

    Example:

        telnet://aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa:aaaa/

    A second buffer overrun resides in a section of the code that
    processes session files, the files that enable HyperTerminal users
    to specify session parameters such as the connection method and
    the destination host.  If a user opened a session file that
    contained a particular type of malformed information, it would
    trigger the buffer overrun.
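
    For the Telnet URL issue above, a mail gateway or mailbox review
    can flag telnet:// links whose host or port cannot be valid.  The
    Python below is an added example, not part of the original
    advisory; its limits are general DNS and TCP limits used as an
    assumption, not the size of the HyperTerminal buffer, which the
    advisory does not state.

```python
import re
from html import unescape

# Generic DNS host-name limits, used here as triage assumptions; the advisory
# does not state the size of the HyperTerminal buffer.
MAX_HOST_LEN = 253
MAX_LABEL_LEN = 63

# telnet://[user[:password]@]host[:port]/ (layout from RFC 4248).
TELNET_URL = re.compile(r"telnet://([^\s\"'<>]*)", re.IGNORECASE)


def check_telnet_url(authority):
    """Return the reasons the part after telnet:// is suspect (empty if none)."""
    hostport = authority.split("/", 1)[0].rsplit("@", 1)[-1]
    if hostport.startswith("["):  # bracketed IPv6 literal
        host, _, rest = hostport[1:].partition("]")
        port = rest[1:]
    else:
        host, _, port = hostport.partition(":")
    reasons = []
    if not host:
        reasons.append("empty host")
    if len(host) > MAX_HOST_LEN:
        reasons.append("host longer than %d characters" % MAX_HOST_LEN)
    if any(len(label) > MAX_LABEL_LEN for label in host.split(".")):
        reasons.append("host label longer than %d characters" % MAX_LABEL_LEN)
    if port and not (re.fullmatch(r"[0-9]{1,5}", port) and int(port) <= 65535):
        reasons.append("port is not a number in 0-65535")
    return reasons


def scan_html(body):
    """Return (url, reasons) for every suspect telnet URL in an HTML mail body."""
    findings = []
    for match in TELNET_URL.finditer(unescape(body)):
        reasons = check_telnet_url(match.group(1))
        if reasons:
            findings.append((match.group(0), reasons))
    return findings


if __name__ == "__main__":
    # Constructed sample: one ordinary link and one shaped like the example above.
    sample = ('<a href="telnet://bbs.example.org:23/">BBS</a>'
              '<img src="telnet://' + "a" * 200 + ':aaaa/">')
    for url, reasons in scan_html(sample):
        print(url[:40] + "...", reasons)
```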

Solution

    Microsoft re-released the original bulletin in May 2001 to inform
    customers of the availability of an updated set of patches to
    address both the original and a second vulnerability identified
    in HyperTerminal.  Information about the second issue is discussed
    in the Description section above.

    A patch is available to  fix this vulnerability.  Please  read the
    Security Bulletin:

        http://www.microsoft.com/technet/security/bulletin/ms00-079.asp

    for information on obtaining this patch.

