Reported October 19, 2000 by USSR Labs

VERSIONS AFFECTED
  • Hilgraeve HyperTerminal

DESCRIPTION

Hilgraeve HyperTerminal is shipped with Microsoft Windows 2000, Windows ME, Windows 98SE, and Windows 98.  A buffer overrun has been discovered in the HyperTerminal Telnet module that can allow a malicious user to launch arbitrary commands.  This exploit, in theory, could be launched remotely by way of an email containing the buffer overrun.

DEMONSTRATION

The overrun is triggered simply by sending the following telnet URL (wrapped here across several lines):
telnet://xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
xxxxxxxxxxxxx
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
xxxxxxxxxxxxx
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
xxxxxxxxx:xxxx/
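
A detection-side check for URLs of the shape shown above, added here as an example and not part of the original advisory: it flags telnet:// links in a message body whose host or port cannot be valid. The advisory does not give the length at which the overrun occurs, so the thresholds are the DNS and TCP limits (an assumption), and the function names and sample message are constructed for illustration.

```python
import re

# Limits from the DNS and TCP specifications, not from the advisory.
MAX_HOST_LEN = 253   # longest valid hostname in text form
MAX_LABEL_LEN = 63   # longest single dot-separated label
MAX_PORT = 65535

# A telnet URL runs until whitespace or a closing quote/bracket.
TELNET_URL = re.compile(r"telnet://[^\s<>\"']+", re.IGNORECASE)


def check_telnet_url(url):
    """Return the reasons the host:port part of a telnet URL is malformed."""
    reasons = []
    authority = re.split(r"[/?#]", url[len("telnet://"):], maxsplit=1)[0]
    hostport = authority.rsplit("@", 1)[-1]       # drop optional user:password@
    host, sep, port = hostport.rpartition(":")
    if not sep or hostport.endswith("]"):         # no port, or bare IPv6 literal
        host, port = hostport, ""
    if len(host) > MAX_HOST_LEN:
        reasons.append(f"host is {len(host)} chars (max {MAX_HOST_LEN})")
    if any(len(label) > MAX_LABEL_LEN for label in host.split(".")):
        reasons.append(f"host label longer than {MAX_LABEL_LEN} chars")
    if port and not (port.isascii() and port.isdigit() and int(port) <= MAX_PORT):
        reasons.append(f"port {port[:16]!r} is not a valid TCP port")
    return reasons


def scan_message(body):
    """Return (url_preview, reasons) for each suspicious telnet URL in body.

    body must already be MIME-decoded so that soft line breaks are removed.
    """
    hits = []
    for match in TELNET_URL.finditer(body):
        reasons = check_telnet_url(match.group(0))
        if reasons:
            hits.append((match.group(0)[:40] + "...", reasons))
    return hits


# Constructed sample message body; the hostnames are made up.
SAMPLE_BODY = (
    "Router console: telnet://core-sw1.example.net:23/\n"
    "Click here: telnet://" + "x" * 300 + ":xxxx/\n"
)

if __name__ == "__main__":
    for preview, reasons in scan_message(SAMPLE_BODY):
        print(preview, "->", "; ".join(reasons))
```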

VENDOR RESPONSE

Microsoft has released a security bulletin, MS00-079, available at: http://www.microsoft.com/technet/security/bulletin/MS00-079.asp

Microsoft has also released a patch for Windows 98 and Windows 98SE, available at: http://download.microsoft.com/download/win98/Update/12395/W98/EN-US/274548USA8.EXE

For Windows ME: http://download.microsoft.com/download/winme/Update/12395/WinMe/EN-US/274548USAM.EXE

For Windows 2000: http://www.microsoft.com/downloads/release.asp?releaseid=25112

A patch for the pay version of HyperTerminal is available from Hilgraeve at http://www.hilgraeve.com

CREDIT
Discovered by USSR Labs