Microsoft Security Bulletin MS99-033 - Critical
Patch Available for "Malformed Telnet Argument" Vulnerability
Published: September 09, 1999
Originally Posted: September 09, 1999
Microsoft has released a patch that eliminates a vulnerability in the Telnet client that ships as part of Microsoft® Windows® 95 and 98. The vulnerability could allow arbitrary code to be executed on the user's computer.
Frequently asked questions regarding this vulnerability can be found at http://www.microsoft.com/technet/security/bulletin/fq99-033.mspx
The Telnet client that ships as part of Windows 95 and 98 has an unchecked buffer. A specially-malformed argument could be passed to the client via a web page in order to cause arbitrary code to execute on the computer via a classic buffer overrun technique.
Affected Software Versions
- Microsoft Windows 95
- Microsoft Windows 98
- Microsoft Windows 98 Second Edition
Vulnerability Identifier: CVE-1999-0749
- Microsoft Windows 95
- Microsoft Windows 98 and Windows 98 Second Edition
Note This patch also is available via WindowsUpdate.
Please see the following references for more information related to this issue.
- Microsoft Security Bulletin MS99-033: Frequently Asked Questions, http://www.microsoft.com/technet/security/bulletin/fq99-033.mspx.
- Microsoft Security web site, http://www.microsoft.com/technet/security/default.mspx
Obtaining Support on this Issue
This is a fully supported patch. Information on contacting Microsoft Technical Support is available at http://support.microsoft.com/contactussupport/?ws=support.
Microsoft acknowledges Jeremy Kothe for bringing this issue to our attention.
- September 09, 1999: Bulletin Created.
THE INFORMATION PROVIDED IN THE MICROSOFT KNOWLEDGE BASE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. MICROSOFT DISCLAIMS ALL WARRANTIES, EITHER EXPRESS OR IMPLIED, INCLUDING THE WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. IN NO EVENT SHALL MICROSOFT CORPORATION OR ITS SUPPLIERS BE LIABLE FOR ANY DAMAGES WHATSOEVER INCLUDING DIRECT, INDIRECT, INCIDENTAL, CONSEQUENTIAL, LOSS OF BUSINESS PROFITS OR SPECIAL DAMAGES, EVEN IF MICROSOFT CORPORATION OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. SOME STATES DO NOT ALLOW THE EXCLUSION OR LIMITATION OF LIABILITY FOR CONSEQUENTIAL OR INCIDENTAL DAMAGES SO THE FOREGOING LIMITATION MAY NOT APPLY.
Built at 2014-04-18T13:49:36Z-07:00