Microsoft issued its third security bulletin for the week on Friday, this time reporting an unchecked buffer susceptible to an overrun attack in the ubiquitous HyperTerminal Telnet/serial client which cheerfully sets itself up as the default during Windows installation.
A maliciously-crafted Telnet URL can be used to trigger a buffer overrun, which in turn would enable an attacker to run arbitrary code on a machine with the victim's level of permission. A malicious HTML page exploiting the hole could easily be circulated via e-mail.
Another issue resides in code that processes session files, which enable HyperTerminal users to specify parameters such as the connection method and the destination host, Microsoft says.
Thus if a user opened a maliciously-crafted session file, it too would trigger the buffer overrun.
Because the flaw is specific to the utility, not the OS, an exploit can easily be developed to attack all Win machines running HyperTerminal without individual modifications for the several flavors of Windows in circulation.
Windows 98, 98SE, ME, NT, and 2K are all vulnerable, though in the case of 2K, HyperTerminal is not automatically installed as the default client.
Since Win95 is no longer supported, we're uncertain whether its edition of HT is affected, but chances are it's vulnerable too. There's no 95 patch, and there won't be. Didn't you know you were supposed to buy a 98 upgrade ages ago?
It's been a rough week for Redmond security. On Tuesday we learned of a Word macro vulnerability; on Thursday a Windows Media Player vulnerability; and Friday the HyperTerminal matter, all of which are exploitable in highly destructive ways.
Friday's hole is related to but not the same as a vulnerability reported back in October, so HyperTerminal users need to install fresh patches. The one issued previously is not adequate protection.
HyperTerminal is made by software outfit Hilgraeve. ®