Buffer overrun in Telnet in Windows 95/98 poses a security risk

This article has been archived. It is offered "as is" and will no longer be updated.
Summary
Microsoft has released a patch that eliminates a vulnerability in the Telnet client that ships as part of Microsoft Windows 95, Windows 98, and Windows 98 Second Edition. This Telnet client has an unchecked buffer. A specially malformed argument could be passed to the client through a Web page, which may allow arbitrary code to be run on the computer through a classic buffer overrun technique.

Additional information about this issue is available from the following Microsoft Web sites:

Updates are available for the following products:
  • Microsoft Windows 95
  • Microsoft Windows 95 OEM Service Release 1, 2, 2.1, 2.5
  • Microsoft Windows 98
  • Microsoft Windows 98 Second Edition
More information
This hotfix has been posted to the following Internet location:

For Windows 98:

NOTE: For Windows 95, this update requires the Dial-Up Networking 1.3 Performance and Security Update located at:

Once you have installed the DUN 1.3 Update, apply (or re-apply) the Microsoft Windows 95 Year 2000 Corporate Update to provide replacement files to correct known year 2000 (Y2K) issues with the Windows 95 operating system. For additional information about the Windows 95 Year 2000 Corporate Update, please click the article number below to view the article in the Microsoft Knowledge Base:
229862 Microsoft Windows 95 Year 2000 Corporate Update
When you click a link to an "rlogin:", "telnet:" or "tn3270:" protocol URL, Internet Explorer automatically starts Telnet.exe. Some Web browsers, such as Internet Explorer 5, version 5.00.2614.3500 (Windows 98 Second Edition), prevent the malformed argument from being passed to the Telnet client, and users would not be vulnerable to this attack through a Web page, even if they had an otherwise-affected Telnet client.

The "Malformed Favorites Icon" patch also prevents the malformed argument from being passed to the Telnet client from Internet Explorer 5, versions 5.00.2014.0216 and 5.00.2314.1003 (Office 2000). The unchecked buffer in the original Windows 95, Windows 98, or Windows 98 Second Edition Telnet still remains, but is no longer exploitable through a Web page.

For information about how to install the Malformed Favorites Icon fix, please click the link below to view the information on the Microsoft Web site:

Internet Explorer 5, version 5.00.2614.3500 (Windows 98 Second Edition) or Internet Explorer 5, versions 5.00.2014.0216 and 5.00.2314.1003 (Office 2000) with the "Malformed Favorites Icon" patch prevent the vulnerability from being exploited remotely, but do not eliminate the underlying vulnerability in the Telnet client. To eliminate the underlying vulnerability in the Telnet client that ships with Windows 95, Windows 98, and Windows 98 Second Edition, Microsoft recommends that you update Telnet.exe to version 5.0.1755.2.

NOTE: The "Malformed Favorites Icon" patch is a temporary workaround for Internet Explorer 5 only. Although a version of the patch is available for Internet Explorer 4.0, it does not protect against the "Malformed Telnet Argument" vulnerability.

For additional information about the "Malformed Favorites Icon" patch, please click the article number below to view the article in the Microsoft Knowledge Base:
231450 Update Available for the "Malformed Favorites Icon" Issue
Properties

Article ID: 240163 - Last Review: 01/11/2015 19:07:00 - Revision: 5.0

  • Microsoft Windows 98 Standard Edition