HyperTerminal Telnet is Vulnerable to a Buffer Overrun

HyperTeminal, which is shipped with most Windows versions is vulnerable to a buffer overrun that could allow a malicious attacker launch programs.

Steve Manzuik

October 18, 2000

1 Min Read
ITPro Today logo

Reported October 19, 2000 by USSR Labs


DESCRIPTIONHilgraeve HyperTerminal is shipped with Microsoft Windows 2000, Windows ME, Windows 98SE, and Windows 98.  A buffer overrun has been discovered in the HyperTerminal Telnet module that can allow a malicious user to launch arbitrary commands.  This exploit, in theory, could be launched remotely by way of an email containing the buffer overrun.


The overrun is performed quite simply by sending the following;  telnet://xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx:xxxx/


Microsoft has released a security bulletin, MS00-079 available at;  http://www.microsoft.com/technet/security/bulletin/MS00-079.asp

Microsoft has also released a patch for Windows 98 and Windows 98SE available at; http://download.microsoft.com/download/win98/Update/12395/W98/EN-US/274548USA8.EXEFor Windows ME; http://download.microsoft.com/download/winme/Update/12395/WinMe/EN-US/274548USAM.EXE

For Windows 2000; http://www.microsoft.com/downloads/release.asp?releaseid=25112

A patch for the pay version of HyperTerminal is available from Hilgraeve is available at http://www.hilgraeve.com

CREDITDiscovered by USSR Labs

Sign up for the ITPro Today newsletter
Stay on top of the IT universe with commentary, news analysis, how-to's, and tips delivered to your inbox daily.

You May Also Like