Spyware Doctor
Spyware Doctor with AntiVirus
PC Tools AntiVirus
PC Tools Internet Security
PC Tools Firewall Plus
ThreatFire
Spam Monitor
iAntiVirus for Mac OS X
Registry Mechanic
Desktop Maestro
File Recover
Privacy Guardian
PC Tools Disk Suite
Spyware Doctor Enterprise
Help me choose
File Access URL Vulnerability
A vulnerability exists in Microsoft Windows 95 and Windows 98 that could allow a malicious web site or e-mail message to cause the Windows machine to crash, or to run arbitrary code.
Issue
There is a buffer overflow in the Windows 95 and Windows 98 networking software that processes file name strings. If the networking software were provided with a very long random string as input, it could crash the machine. If provided with a specially-malformed argument, it could be used to run arbitrary code on the machine via a classic buffer overrun attack.
The vulnerability could be exploited remotely in cases where a file:// URL or a Universal Naming Convention (UNC) string on a remote web site included a long file name or where a long file name was included in an e-mail message.
Affected Products
- Windows 95 and 98
Solution
A patch is available from the following location:
- Windows 95:
http://download.microsoft.com/download/win95/update/245729/w95/en-us/245729us5.exe - Windows 98:
http://download.microsoft.com/download/win98/update/245729/w98/en-us/245729us8.exe
Further Details
Source: Microsoft Corporation
Reference: Microsoft Corporation
Updated: November 12, 1999
>> Recommended Download - secure your PC from spyware, adware and malware now with Spyware Doctor <<
