File Access URL Vulnerability
A vulnerability exists in Microsoft Windows 95 and Windows 98 that could allow a malicious web site or e-mail message to cause the Windows machine to crash, or to run arbitrary code.
There is a buffer overflow in the Windows 95 and Windows 98 networking software that processes file name strings. If the networking software were provided with a very long random string as input, it could crash the machine. If provided with a specially-malformed argument, it could be used to run arbitrary code on the machine via a classic buffer overrun attack.
The vulnerability could be exploited remotely in cases where a file:// URL or a Universal Naming Convention (UNC) string on a remote web site included a long file name or where a long file name was included in an e-mail message.
- Windows 95 and 98
A patch is available from the following location:
- Windows 95:
- Windows 98:
Source: Microsoft Corporation
Reference: Microsoft Corporation
Updated: November 12, 1999
>> Recommended Download - secure your PC from spyware, adware and malware now with Spyware Doctor <<
|More Guides »||Registry Guide||Support Forums||Software Guide||Scripting Guide||Search|