News

Microsoft Fixes Windows 95/98 Bug

Microsoft has released a patch that eliminates a vulnerability in Windows 95 and Windows 98 that could allow a malicious Web site or e-mail message to cause the Windows machine to crash or to run arbitrary code.

There is a buffer overflow in the Windows 95 and Windows 98 networking software that processes file name strings. If the networking software were provided with a very long random string as input, it could crash the machine. If provided with a specially malformed argument, it could be used to run arbitrary code on the machine via a classic buffer overrun attack.

The vulnerability could be exploited remotely in cases where a file:// URL or a Universal Naming Convention (UNC) string on a remote Web site included a long file name or where a long file name was included in an e-mail message.

All versions of Windows 95 and Windows 98 are known to be affected. The patch for Windows 95 is available at http://download.microsoft.com/download/win95/update/245729/w95/en-us/245729us5.exe and for Windows 98 at http://download.microsoft.com/download/win98/update/245729/w98/en-us/245729us8.exe.

About the Author

Scott Bekker is editor in chief of Redmond Channel Partner magazine.

comments powered by Disqus
Most   Popular

SharePoint Watch

Sign up for our newsletter.

Terms and Privacy Policy consent

I agree to this site's Privacy Policy.