Security Home > Windows 95, 98 & ME

File Access URL Vulnerability

A vulnerability exists in Microsoft Windows 95 and Windows 98 that could allow a malicious web site or e-mail message to cause the Windows machine to crash, or to run arbitrary code.


There is a buffer overflow in the Windows 95 and Windows 98 networking software that processes file name strings. If the networking software were provided with a very long random string as input, it could crash the machine. If provided with a specially-malformed argument, it could be used to run arbitrary code on the machine via a classic buffer overrun attack.

The vulnerability could be exploited remotely in cases where a file:// URL or a Universal Naming Convention (UNC) string on a remote web site included a long file name or where a long file name was included in an e-mail message.

Affected Products

  • Windows 95 and 98


A patch is available from the following location:

Further Details

Source: Microsoft Corporation

Reference: Microsoft Corporation

Updated: November 12, 1999

>> Recommended Download - secure your PC from spyware, adware and malware now with Spyware Doctor <<