Spyware Doctor
Spyware Doctor with AntiVirus
PC Tools AntiVirus
PC Tools Internet Security
PC Tools Firewall Plus
ThreatFire
Spam Monitor
Registry Mechanic
Desktop Maestro
File Recover
Privacy Guardian
Spyware Doctor Enterprise
Help me choose
File Access URL Vulnerability
A vulnerability exists in Microsoft Windows 95 and Windows 98 that could allow a malicious web site or e-mail message to cause the Windows machine to crash, or to run arbitrary code.
Issue
There is a buffer overflow in the Windows 95 and Windows 98 networking software that processes file name strings. If the networking software were provided with a very long random string as input, it could crash the machine. If provided with a specially-malformed argument, it could be used to run arbitrary code on the machine via a classic buffer overrun attack.
The vulnerability could be exploited remotely in cases where a file:// URL or a Universal Naming Convention (UNC) string on a remote web site included a long file name or where a long file name was included in an e-mail message.
Affected Products
- Windows 95 and 98
Solution
A patch is available from the following location:
- Windows 95:
http://download.microsoft.com/download/win95/update/245729/w95/en-us/245729us5.exe - Windows 98:
http://download.microsoft.com/download/win98/update/245729/w98/en-us/245729us8.exe
Further Details
Source: Microsoft Corporation
Reference: Microsoft Corporation
Updated: November 12, 1999
>> Recommended Download - secure your PC from spyware, adware and malware now with Spyware Doctor <<
