This patch eliminates a security vulnerability in the HyperTerminal application that ships with several Microsoft operating systems. This vulnerability could, under certain circumstances, allow a malicious user to execute arbitrary code on another user's system. The HyperTerminal application is a utility that installs, by default, on all versions of Windows 98, 98SE, Windows NT, Windows Me, and Windows 2000. The product contains an unchecked buffer in a section of the code that processes Telnet URLs. If a user opened an HTML mail that contained a particularly malformed Telnet URL, it would result in a buffer overrun that could enable the creator of the mail to cause arbitrary code to run on the user's system. Please note that, although a Telnet URL is involved in this vulnerability, there is no relationship between this vulnerability and the "Windows 2000 Telnet Client NTLM Authentication" vulnerability discussed in MS00-067. HyperTerminal is the default Telnet client on Windows 98, 98SE, and Me. However, it is not the default Telnet client on Windows 2000, and Windows 2000 users who have not taken steps to make it the default Telnet client would not be affected by the vulnerability.
||May 24, 2001