SUMMARY
Microsoft has released a patch that eliminates a vulnerability in the
Telnet client that ships as part of Microsoft Windows 95, Windows 98,
and Windows 98 Second Edition. The Telnet client that ships as part of
Windows 95, Windows 98, and Windows 98 Second Edition has an unchecked
buffer. A specially malformed argument passed to the client through a Web
page could allow arbitrary code to be run on the computer through a
classic buffer overrun technique.
Additional information about this issue is available from the following
Microsoft Web sites:
Updates are available for the following products:
- Microsoft Windows 95
- Microsoft Windows 95 OEM Service Release 1, 2, 2.1, 2.5
- Microsoft Windows 98
- Microsoft Windows 98 Second Edition
MORE INFORMATION
This hotfix has been posted to the following Internet location:
For Windows 98:
For Windows 95:
NOTE: For Windows 95, this update requires the Dial-Up Networking 1.3 Performance and Security Update located at:
If you do not have the Dial-Up Networking 1.3 Performance and Security Update, you may receive the following error message when installing this update:
Windows 95 TELNET Update
You must have the Microsoft DUN 1.3 Update or Winsock 2.0 Update
installed before installing this TELNET update. You can find Windows 95
download information at
http://www.microsoft.com/windows95/downloads/.
To download the Dial-Up Networking 1.3 Performance and Security Update (Msdun13.exe),
please go to the following Microsoft Web site:
Once you have installed the DUN 1.3 Update, apply (or re-apply) the Microsoft Windows 95 Year 2000 Corporate Update to provide replacement files to correct known year 2000 (Y2K) issues with the Windows 95 operating system. For additional information about the Windows 95 Year 2000 Corporate Update, please click the article number below to view the article in the Microsoft Knowledge Base:
229862 Microsoft Windows 95 Year 2000 Corporate Update
When you click a link to an "rlogin:", "telnet:" or "tn3270:" protocol
URL, Internet Explorer automatically starts Telnet.exe. Some Web
browsers, such as Internet Explorer 5, version 5.00.2614.3500
(Windows 98 Second Edition), prevent the malformed argument from
being passed to the Telnet client, and users would not be vulnerable
to this attack through a Web page, even if they had an otherwise-
affected Telnet client.
The "Malformed Favorites Icon" patch also prevents the malformed
argument from being passed to the Telnet client from Internet
Explorer 5, versions 5.00.2014.0216 and 5.00.2314.1003 (Office 2000).
The unchecked buffer in the original Windows 95, Windows 98, or Windows 98 Second Edition Telnet still remains, but is no longer exploitable through
a Web page.
For information about how to install the Malformed Favorites Icon
fix, please click the link below to view the information on the
Microsoft Web site:
Internet Explorer 5, version 5.00.2614.3500 (Windows 98 Second
Edition) or Internet Explorer 5, versions 5.00.2014.0216 and
5.00.2314.1003 (Office 2000) with the "Malformed Favorites Icon"
patch prevent the vulnerability from being exploited remotely,
but do not eliminate the underlying vulnerability in the Telnet
client. To eliminate the underlying vulnerability in the Telnet
client that ships with Windows 95, Windows 98, and Windows 98
Second Edition, Microsoft recommends that you update Telnet.exe to
version 5.0.1755.2.
NOTE: The "Malformed Favorites Icon" patch is a temporary
workaround for Internet Explorer 5 only. Although a version of
the patch is available for Internet Explorer 4.0, it does not
protect against the "Malformed Telnet Argument" vulnerability.
For additional information about the "Malformed Favorites Icon"
patch, please click the article number below to view the article
in the Microsoft Knowledge Base:
231450 Update Available for the "Malformed Favorites Icon" Issue