Buffer overrun in Telnet in Windows 95/98 poses a security risk

Article ID: 240163
This article was previously published under Q240163

SUMMARY

Microsoft has released a patch that eliminates a vulnerability in the Telnet client that ships as part of Microsoft Windows 95, Windows 98, and Windows 98 Second Edition. This Telnet client has an unchecked buffer. A specially malformed argument could be passed to the client through a Web page, which may allow arbitrary code to be run on the computer through a classic buffer overrun technique.

Additional information about this issue is available from the following Microsoft Web sites:
http://www.microsoft.com/technet/security/Bulletin/MS99-033.mspx
Updates are available for the following products:
  • Microsoft Windows 95
  • Microsoft Windows 95 OEM Service Release 1, 2, 2.1, 2.5
  • Microsoft Windows 98
  • Microsoft Windows 98 Second Edition

MORE INFORMATION

This hotfix has been posted to the following Internet location:

For Windows 98:
http://support.microsoft.com/ph/1139
NOTE: For Windows 95, this update requires the Dial-Up Networking 1.3 Performance and Security Update located at:
http://www.microsoft.com/downloads/details.aspx?familyid=CEB0C269-B9BD-481E-950F-09026222CC1E&displaylang=en.
Once you have installed the DUN 1.3 Update, apply (or re-apply) the Microsoft Windows 95 Year 2000 Corporate Update to provide replacement files to correct known year 2000 (Y2K) issues with the Windows 95 operating system. For additional information about the Windows 95 Year 2000 Corporate Update, please click the article number below to view the article in the Microsoft Knowledge Base:
229862 Microsoft Windows 95 Year 2000 Corporate Update
When you click a link to an "rlogin:", "telnet:" or "tn3270:" protocol URL, Internet Explorer automatically starts Telnet.exe. Some Web browsers, such as Internet Explorer 5, version 5.00.2614.3500 (Windows 98 Second Edition), prevent the malformed argument from being passed to the Telnet client, and users would not be vulnerable to this attack through a Web page, even if they had an otherwise-affected Telnet client.

The "Malformed Favorites Icon" patch also prevents the malformed argument from being passed to the Telnet client from Internet Explorer 5, versions 5.00.2014.0216 and 5.00.2314.1003 (Office 2000). The unchecked buffer in the original Windows 95, Windows 98, or Windows 98 Second Edition Telnet still remains, but is no longer exploitable through a Web page.
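The kind of pre-launch check a URL handler can apply before passing an "rlogin:", "telnet:" or "tn3270:" argument to a client with a fixed-size buffer, as an added C example that is not Microsoft's code. The function names, the 256-byte limit and the host[:port] character allowlist are assumptions, because this article does not describe the actual argument format or buffer size.

```c
#include <ctype.h>
#include <stddef.h>
#include <string.h>

/* Assumed limit: the advisory does not state the real buffer size. */
#define ARG_MAX_LEN 256

/* Returns the length of a matching handler scheme prefix, or 0 if none. */
static size_t match_scheme(const char *url)
{
    static const char *const schemes[] = { "telnet:", "rlogin:", "tn3270:" };
    for (size_t i = 0; i < sizeof schemes / sizeof schemes[0]; i++) {
        size_t n = strlen(schemes[i]), j = 0;
        while (j < n && tolower((unsigned char)url[j]) == schemes[i][j])
            j++;
        if (j == n)
            return n;
    }
    return 0;
}

/* Hypothetical helper: copy "host[:port]" from a handler URL into dst.
 * Returns 0 on success, -1 if the URL must not reach the client. */
int telnet_url_to_arg(const char *url, char *dst, size_t dstlen)
{
    if (url == NULL || dst == NULL || dstlen == 0)
        return -1;
    dst[0] = '\0';
    size_t off = match_scheme(url);
    if (off == 0)
        return -1;
    if (url[off] == '/' && url[off + 1] == '/')
        off += 2;
    const char *arg = url + off;
    size_t len = 0;
    while (arg[len] != '\0' && arg[len] != '/') {
        unsigned char c = (unsigned char)arg[len];
        if (!isalnum(c) && c != '.' && c != '-' && c != ':')
            return -1;   /* allowlist: reject, do not try to sanitize */
        if (++len >= dstlen)
            return -1;   /* length checked before any byte is copied */
    }
    if (len == 0 || (arg[len] == '/' && arg[len + 1] != '\0'))
        return -1;       /* empty host, or trailing path data */
    memcpy(dst, arg, len);
    dst[len] = '\0';
    return 0;
}
```

A check like this in the caller only narrows the path to the client; the client's own copy still needs the same length check, which is why the article recommends updating Telnet.exe itself.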

For information about how to install the Malformed Favorites Icon fix, please click the link below to view the information on the Microsoft Web site:
http://www.microsoft.com/technet/security/Bulletin/MS99-018.mspx
Internet Explorer 5, version 5.00.2614.3500 (Windows 98 Second Edition) or Internet Explorer 5, versions 5.00.2014.0216 and 5.00.2314.1003 (Office 2000) with the "Malformed Favorites Icon" patch prevent the vulnerability from being exploited remotely, but do not eliminate the underlying vulnerability in the Telnet client. To eliminate the underlying vulnerability in the Telnet client that ships with Windows 95, Windows 98, and Windows 98 Second Edition, Microsoft recommends that you update Telnet.exe to version 5.0.1755.2.

NOTE: The "Malformed Favorites Icon" patch is a temporary workaround for Internet Explorer 5 only. Although a version of the patch is available for Internet Explorer 4.0, it does not protect against the "Malformed Telnet Argument" vulnerability.

For additional information about the "Malformed Favorites Icon" patch, please click the article number below to view the article in the Microsoft Knowledge Base:
231450 Update Available for the "Malformed Favorites Icon" Issue

Properties

Article ID: 240163 - Last Review: August 13, 2007 - Revision: 4.6
APPLIES TO
  • Microsoft Internet Explorer 5.0
  • Microsoft Internet Explorer 4.01 Service Pack 2
  • Microsoft Internet Explorer 4.01 Service Pack 1
  • Microsoft Internet Explorer 4.0 128-Bit Edition
  • Microsoft Windows 98 Standard Edition
  • Microsoft Windows 98 Second Edition
  • Microsoft Windows 95
Keywords: 
kbinfo kburl KB240163
Retired KB Content Disclaimer
This article was written about products for which Microsoft no longer offers support. Therefore, this article is offered "as is" and will no longer be updated.
