This patch eliminates a vulnerability in Microsoft Windows 95. The vulnerability can allow a malicious Web site or email message to crash your Windows machine or to run arbitrary code. There is a buffer overflow in the Windows 95 networking software that processes file name strings. If the networking software was provided with a very long random string of input, it could crash the machine. If it was provided with a specially malformed argument, it could be used to run arbitrary code on the machine via a classic buffer overrun attack. The vulnerability could be exploited remotely in cases where a file URL or a Universal Naming Convention (UNC) string on a remote Web site included a long file name or where a long file name was included in an email message.
|