Microsoft Security Bulletin MS00-079
Patch Available for 'HyperTerminal Buffer Overflow' Vulnerability
Originally posted: October 18, 2000
Updated: May 24, 2001
On October 18, 2000, Microsoft released the original version of this security bulletin, to advise of the availability of a patch that eliminates a security vulnerability in the HyperTerminal application that ships with Microsoft® Windows® 98, Windows 98 Second Edition, Windows Me and Windows 2000. On May 24, 2001, we re-released the bulletin to advise of the availability of a new patch that corrects both this vulnerability and a subsequently discovered variant. The scope of both the original and the new vulnerabilities is the same. Both could, under certain conditions, allow a malicious user to execute arbitrary code on another user's system. This would enable the malicious user to compromise data or take action on the other user's system.
- Microsoft Windows 98 and Windows 98SE
- Microsoft Windows Me
- Microsoft Windows NT 4.0
- Microsoft Windows 2000
Vulnerability Identifier: CVE-2000-0991
Microsoft thanks Luciano Martins of USSR Labs (www.ussrback.com) for reporting this issue to us and working with us to protect customers.
Support: This is a fully supported patch. Information on contacting Microsoft Product Support Services is available at http://support.microsoft.com/contactussupport/?ws=support.
Security Resources: The Microsoft TechNet Security Web Site provides additional information about security in Microsoft products.
The information provided in the Microsoft Knowledge Base is provided "as is" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.
- October 18, 2000: Bulletin created.
- May 24, 2001: Bulletin revised to advise of new variant of the vulnerability.
- August 30, 2001: Bulletin revised to advise of the availability of a patch for Windows NT 4.0
- December 16, 2002: Update to Patch Availability section.