Microsoft Security Bulletin (MS99-049)

Patch Available for "File Access URL" Vulnerability

Originally Posted: November 12, 1999

Summary

Microsoft has released a patch that eliminates a vulnerability in Microsoft Windows 95 or Windows 98. The vulnerability could allow a malicious web site or e-mail message to cause the Windows machine to crash, or to run arbitrary code.

Frequently asked questions regarding this vulnerability can be found at http://www.microsoft.com/security/bulletins/MS99-049faq.asp.

Issue

There is a buffer overflow in the Windows 95 and Windows 98 networking software that processes file name strings. If the networking software were provided with a very long random string as input, it could crash the machine. If provided with a specially-malformed argument, it could be used to run arbitrary code on the machine via a classic buffer overrun attack.

The vulnerability could be exploited remotely in cases where a file:// URL or a Universal Naming Convention (UNC) string on a remote web site included a long file name or where a long file name was included in an e-mail message.

Affected Software Versions

The buffer overrun is present in the networking software in all versions of Windows 95 and Windows 98.

Patch Availability

Windows 95: http://download.microsoft.com/download/win95/update/245729/w95/en-us/245729us5.exe
Windows 98: http://download.microsoft.com/download/win98/update/245729/w98/en-us/245729us8.exe

More Information

Please see the following references for more information related to this issue.

- Microsoft Security Bulletin MS99-049: Frequently Asked Questions, http://www.microsoft.com/security/bulletins/MS99-049faq.asp.
- Microsoft Knowledge Base (KB) article Q245729, Windows 95 and 98 File Access URL Update, http://support.microsoft.com/support/kb/articles/q245/7/29.asp. (Note: It may take 24 hours from the original posting of this bulletin for the KB article to be visible.)
- Microsoft Security Advisor web site, http://www.microsoft.com/security/default.asp.

Obtaining Support on this Issue

This is a fully supported patch. Information on contacting Microsoft Technical Support is available at http://support.microsoft.com/support/contact/default.asp.

Acknowledgments

Microsoft acknowledges UNYUN, the Shadow Penguin Security Research Group of Japan for bringing this issue to our attention.

Revisions

November 12, 1999: Bulletin Created.
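
The Issue section above names two delivery paths, a file:// URL or UNC string in web content and a long file name in an e-mail message. The following is an added example, not Microsoft's code, of a content filter that flags such strings in HTML or mail bodies before they reach an unpatched client. The bulletin does not state the length that triggers the overrun, so the 260-character threshold (the Windows MAX_PATH constant), the function name and the sample host name are assumptions.

```python
import re

# Assumption: the bulletin gives no overflow length; 260 is Windows MAX_PATH.
MAX_NAME_LEN = 260

# A file:// URL, or a UNC string of the form \\server\share..., each ending at
# whitespace, a quote or an angle bracket (the usual HTML/mail delimiters).
CANDIDATE = re.compile(
    r"""file://[^\s"'<>]+|\\\\[^\s"'<>\\]+\\[^\s"'<>]+""",
    re.IGNORECASE,
)

def find_long_file_refs(text, limit=MAX_NAME_LEN):
    """Return [(kind, length), ...] for each file:// or UNC string over limit."""
    hits = []
    for match in CANDIDATE.finditer(text):
        ref = match.group(0)
        if len(ref) > limit:
            kind = "file-url" if ref.lower().startswith("file:") else "unc"
            hits.append((kind, len(ref)))
    return hits

# Constructed sample input: an HTML fragment and a plain-text mail body.
# The long names are harmless filler used only to exceed the threshold.
SAMPLE = (
    '<a href="file:///C:/docs/readme.txt">notes</a>\n'
    '<img src="file://fileserver/share/' + "x" * 300 + '.txt">\n'
    "Please open \\\\fileserver\\share\\report.doc and\n"
    "\\\\fileserver\\share\\" + "y" * 300 + " today.\n"
)

if __name__ == "__main__":
    for kind, length in find_long_file_refs(SAMPLE):
        print(f"suspicious {kind} reference, {length} characters")
```

A filter like this is a stopgap for gateways and mail scanners; the fix for the overrun itself is the patch listed under Patch Availability.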