Security Bulletin
Microsoft Security Bulletin MS99-033 - Critical
Patch Available for "Malformed Telnet Argument" Vulnerability
Published: September 09, 1999
Version: 1.0
Originally Posted: September 09, 1999
Summary
Microsoft has released a patch that eliminates a vulnerability in the Telnet client that ships as part of Microsoft® Windows® 95 and 98. The vulnerability could allow arbitrary code to be executed on the user's computer.
Frequently asked questions regarding this vulnerability can be found at https://www.microsoft.com/technet/security/bulletin/fq99-033.mspx
Issue
The Telnet client that ships as part of Windows 95 and 98 has an unchecked buffer. A specially-malformed argument could be passed to the client via a web page in order to cause arbitrary code to execute on the computer via a classic buffer overrun technique.
Affected Software Versions
- Microsoft Windows 95
- Microsoft Windows 98
- Microsoft Windows 98 Second Edition
Vulnerability Identifier: CVE-1999-0749
Patch Availability
Microsoft Windows 95
https:Microsoft Windows 98 and Windows 98 Second Edition
https://www.microsoft.com/windows98/downloads/contents/WUCritical/Telnet/Default.aspNote This patch also is available via WindowsUpdate.
More Information
Please see the following references for more information related to this issue.
- Microsoft Security Bulletin MS99-033: Frequently Asked Questions, https://www.microsoft.com/technet/security/bulletin/fq99-033.mspx.
- Microsoft Security web site, </https:>https:
Obtaining Support on this Issue
This is a fully supported patch. Information on contacting Microsoft Technical Support is available at </https:>https:.
Acknowledgments
Microsoft acknowledges Jeremy Kothe for bringing this issue to our attention.
Revisions
- September 09, 1999: Bulletin Created.
THE INFORMATION PROVIDED IN THE MICROSOFT KNOWLEDGE BASE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. MICROSOFT DISCLAIMS ALL WARRANTIES, EITHER EXPRESS OR IMPLIED, INCLUDING THE WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. IN NO EVENT SHALL MICROSOFT CORPORATION OR ITS SUPPLIERS BE LIABLE FOR ANY DAMAGES WHATSOEVER INCLUDING DIRECT, INDIRECT, INCIDENTAL, CONSEQUENTIAL, LOSS OF BUSINESS PROFITS OR SPECIAL DAMAGES, EVEN IF MICROSOFT CORPORATION OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. SOME STATES DO NOT ALLOW THE EXCLUSION OR LIMITATION OF LIABILITY FOR CONSEQUENTIAL OR INCIDENTAL DAMAGES SO THE FOREGOING LIMITATION MAY NOT APPLY.
Built at 2014-04-18T13:49:36Z-07:00 </https:>