ثغرة في Hyper Terminal في نظم Msn

Electroman please your attention

COMMAND

HyperTerminal

SYSTEMS AFFECTED

Win2000 (all versions), Me, 98 and 98SE

PROBLEM

The USSR Team has found a buffer overflow in the HyperTerminal
telnet client, which is in the code that processes the Telnet
URL's, that can enable an attacker to execute arbitrary code on
another user's system. If a user opens an mail containing HTML
and also contains a malformed Telnet URL a buffer overrun will
enable the creator of the mail to cause arbitrary code to be
runned on the user's system.

Example:

telnet://aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa:aaaa/

The other resides in a section of the code that processes session
files - files that enable HyperTerminal users to specify session
parameters such as the connection method and the destination
host. If a user opened a session file that contained a particular
type of malformed information, it would trigger the buffer
overrun.

SOLUTION

Microsoft has re-released original bulletin in May 2001 to inform
customers of the availability of an updated set of patches to
address both the original and a second vulnerability identified
in HyperTerminal. Information about the second issue is discussed
in the PROBLEM section above.

A patch is available to fix this vulnerability. Please read the
Security Bulletin:

http://www.microsoft.com/technet/security/bulletin/ms00-079.asp

for information on obtaining this patch.