This patch eliminates a vulnerability in Microsoft Windows 98. The vulnerability can allow a malicious Web site or email message to crash your Windows machine or to run arbitrary code. There is a buffer overflow in the Windows 98 networking software that processes file name strings. If the networking software was provided with a very long random string of input, it could crash the machine. If it was provided with a specially malformed argument, it could be used to run arbitrary code on the machine via a classic buffer overrun attack.
|