It is not the default Telnet client on Windows 2000. HyperTerminal is the default Telnet client on Windows 98, 98SE and ME. If a user opened an HTML mail that contained a particular type of malformed Telnet URL, and HyperTerminal were configured as the default Telnet client, it would trigger the buffer overrun. One resides in a section of the code that processes Telnet URLs.The product contains two unchecked buffers through which an attacker could potentially cause code of her choice to run on another user's machine: The HyperTerminal application is a communications utility that installs by default on all versions of Windows 98, 98SE, Windows ME, Windows NT 4.0, and Windows 2000. Vulnerability Identifier: CVE-2000-0991 General Information Technical details This would enable the malicious user to compromise data or take action on the other user's system.
Both could, under certain conditions, allow a malicious user to execute arbitrary code on another user's system. The scope of both the original and the new vulnerabilities is the same. On May 24, 2001, we re-released the bulletin to advise of the availability of a new patch that corrects both this vulnerability and a subsequently discovered variant.
On October 18, 2000, Microsoft released the original version of this security bulletin, to advise of the availability of a patch that eliminates a security vulnerability in the HyperTerminal application that ships with Microsoft® Windows® 98, Windows 98 Second Edition, Windows Me and Windows 2000. Published: Octo| Updated: December 16, 2002 Security Bulletin Microsoft Security Bulletin MS00-079 - Critical Patch Available for 'HyperTerminal Buffer Overflow' Vulnerability
0 kommentar(er)
