Sign up for the ITPro Today newsletter
Stay on top of the IT universe with commentary, news analysis, how-to's, and tips delivered to your inbox daily.
HyperTerminal Telnet is Vulnerable to a Buffer Overrun
HyperTeminal, which is shipped with most Windows versions is vulnerable to a buffer overrun that could allow a malicious attacker launch programs.
Steve Manzuik
October 18, 2000
1 Min Read
Reported October 19, 2000 by USSR Labs VERSIONS AFFECTED DESCRIPTIONHilgraeve HyperTerminal is shipped with Microsoft Windows 2000, Windows ME, Windows 98SE, and Windows 98. A buffer overrun has been discovered in the HyperTerminal Telnet module that can allow a malicious user to launch arbitrary commands. This exploit, in theory, could be launched remotely by way of an email containing the buffer overrun. DEMONSTRATION The overrun is performed quite simply by sending the following; telnet://xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx:xxxx/ VENDOR RESPONSE Microsoft has released a security bulletin, MS00-079 available at; http://www.microsoft.com/technet/security/bulletin/MS00-079.asp Microsoft has also released a patch for Windows 98 and Windows 98SE available at; http://download.microsoft.com/download/win98/Update/12395/W98/EN-US/274548USA8.EXEFor Windows ME; http://download.microsoft.com/download/winme/Update/12395/WinMe/EN-US/274548USAM.EXE For Windows 2000; http://www.microsoft.com/downloads/release.asp?releaseid=25112 A patch for the pay version of HyperTerminal is available from Hilgraeve is available at http://www.hilgraeve.com CREDITDiscovered by USSR Labs |
About the Author(s)
You May Also Like
