Vulnerability
HyperTerminal
Affected
Win2000 (all versions), Me, 98 and 98SE
Description
The USSR Team has found a buffer overflow in the HyperTerminal
telnet client, which is in the code that processes the Telnet
URL's, that can enable an attacker to execute arbitrary code on
another user's system. If a user opens an mail containing HTML
and also contains a malformed Telnet URL a buffer overrun will
enable the creator of the mail to cause arbitrary code to be
runned on the user's system.
Example:
telnet://aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
aaaaa:aaaa/
The other resides in a section of the code that processes session
files - files that enable HyperTerminal users to specify session
parameters such as the connection method and the destination
host. If a user opened a session file that contained a particular
type of malformed information, it would trigger the buffer
overrun.
Solution
Microsoft has re-released original bulletin in May 2001 to inform
customers of the availability of an updated set of patches to
address both the original and a second vulnerability identified
in HyperTerminal. Information about the second issue is discussed
in the PROBLEM section above.
A patch is available to fix this vulnerability. Please read the
Security Bulletin:
http://www.microsoft.com/technet/security/bulletin/ms00-079.asp
for information on obtaining this patch.
Credits
-- UnKnown --
|