HyperTerminal application for Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003 does not properly validate the length of a value that is saved in a session file, which allows remote attackers to execute arbitrary code via a malicious HyperTerminal session file (.ht), web site, or Telnet URL contained in an e-mail message, triggering a buffer overflow.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Windows_2000 | Microsoft | * | * |
| Windows_2003_server | Microsoft | datacenter_64-bit-sp1_beta_1 (including) | datacenter_64-bit-sp1_beta_1 (including) |
| Windows_2003_server | Microsoft | enterprise (including) | enterprise (including) |
| Windows_2003_server | Microsoft | enterprise-sp1_beta_1 (including) | enterprise-sp1_beta_1 (including) |
| Windows_2003_server | Microsoft | enterprise_64-bit (including) | enterprise_64-bit (including) |
| Windows_2003_server | Microsoft | enterprise_64-bit-sp1_beta_1 (including) | enterprise_64-bit-sp1_beta_1 (including) |
| Windows_2003_server | Microsoft | r2 (including) | r2 (including) |
| Windows_2003_server | Microsoft | r2-sp1_beta_1 (including) | r2-sp1_beta_1 (including) |
| Windows_2003_server | Microsoft | standard (including) | standard (including) |
| Windows_2003_server | Microsoft | standard-sp1_beta_1 (including) | standard-sp1_beta_1 (including) |
| Windows_2003_server | Microsoft | web (including) | web (including) |
| Windows_2003_server | Microsoft | web-sp1_beta_1 (including) | web-sp1_beta_1 (including) |
| Windows_nt | Microsoft | 4.0 (including) | 4.0 (including) |
| Windows_nt | Microsoft | 4.0-sp1 (including) | 4.0-sp1 (including) |
| Windows_nt | Microsoft | 4.0-sp2 (including) | 4.0-sp2 (including) |
| Windows_nt | Microsoft | 4.0-sp3 (including) | 4.0-sp3 (including) |
| Windows_nt | Microsoft | 4.0-sp4 (including) | 4.0-sp4 (including) |
| Windows_nt | Microsoft | 4.0-sp5 (including) | 4.0-sp5 (including) |
| Windows_nt | Microsoft | 4.0-sp6 (including) | 4.0-sp6 (including) |
| Windows_nt | Microsoft | 4.0-sp6a (including) | 4.0-sp6a (including) |
| Windows_xp | Microsoft | * | * |
References
- http://marc.info/?l=bugtraq\u0026m=110312618614849\u0026w=2
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-043
- https://exchange.xforce.ibmcloud.com/vulnerabilities/18336
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1603
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2545
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3138
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3973
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4508
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4741
- http://marc.info/?l=bugtraq\u0026m=110312618614849\u0026w=2
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-043
- https://exchange.xforce.ibmcloud.com/vulnerabilities/18336
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1603
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2545
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3138
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3973
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4508
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4741