PT-2004-1668 · Microsoft · Windows Server 2003+4

Brett Moore

Published

2004-12-15

Updated

2019-04-30

CVE-2004-0568

CVSS v2.0

High

Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions HyperTerminal versions for Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003

Description The issue arises from improper validation of the length of a value saved in a session file, allowing remote attackers to execute arbitrary code via a malicious HyperTerminal session file (.ht), web site, or Telnet URL contained in an e-mail message, triggering a buffer overflow.

Recommendations For HyperTerminal on Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003, consider disabling the use of HyperTerminal session files (.ht) until a patch is available. Restrict access to Telnet URLs and be cautious when opening e-mail messages with links to web sites that may contain malicious content.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2004-0568

Affected Products

Hyperterminal

Windows 2000

Windows Nt 4.0

Windows Server 2003

Windows Xp

PT-2004-1668 · Microsoft · Windows Server 2003+4

CVE-2004-0568

Related Identifiers

Affected Products

References · 10