发布日期：2004-12-14
更新日期：2004-12-15

受影响系统：

Microsoft Windows XP
Microsoft Windows NT 4.0SP6a
Microsoft Windows 2003
Microsoft Windows 2000SP4
Microsoft Windows 2000SP3

描述：

---

BUGTRAQ  ID: 11916
CVE(CAN) ID: CVE-2004-0568

Windows HyperTerminal是一款超级终端软件。

Windows HyperTerminal在处理恶意会话文件时存在问题，远程攻击者可以利用这个漏洞进行缓冲区溢出攻击，可能以进程权限执行任意指令。

构建恶意HyperTerminal会话文件可触发缓冲区溢出，攻击者可以诱使用户打开，如HyperTerminal设置为默认telnet客户端使用，那么通过恶意telnet url链接，也可触发缓冲区溢出，可能以系统进程权限执行任意指令。


<*来源：Brett Moore （brett.moore@SECURITY-ASSESSMENT.COM）
  
  链接：http://www.microsoft.com/technet/security/bulletin/MS04-043.mspx
*>

建议：

---

厂商补丁：

Microsoft
---------
Microsoft已经为此发布了一个安全公告（MS04-043）以及相应补丁:
MS04-043：Vulnerability in HyperTerminal Could Allow Code Execution (873339)
链接：http://www.microsoft.com/technet/security/bulletin/MS04-043.mspx

补丁下载：

Microsoft Windows NT Server 4.0 Service Pack 6a

http://www.microsoft.com/downloads/details.aspx?FamilyId=7CC7F82D-F2A2-49AA-BF33-897498898EAD

Microsoft Windows NT Server 4.0 Terminal Server Edition Service Pack 6

http://www.microsoft.com/downloads/details.aspx?FamilyId=69F3259F-3004-462C-B2A8-37F65EB78A2D

Microsoft Windows 2000 Service Pack 3 and Microsoft Windows 2000 Service Pack 4

http://www.microsoft.com/downloads/details.aspx?FamilyId=DA3DD6C9-DB7E-40A6-AFD0-5ED87C42190D

Microsoft Windows XP Service Pack 1 and Microsoft Windows XP Service Pack 2

http://www.microsoft.com/downloads/details.aspx?FamilyId=96BBD220-5E2A-43AD-B8B7-54EC608BD8BE

Microsoft Windows XP 64-Bit Edition Service Pack 1

http://www.microsoft.com/downloads/details.aspx?FamilyId=4970DA24-8C3B-4D99-8F89-13E8AF2E4382

Microsoft Windows XP 64-Bit Edition Version 2003

http://www.microsoft.com/downloads/details.aspx?FamilyId=06662D6D-E397-40F7-A7A6-9330FBA17EBF

Microsoft Windows Server 2003

http://www.microsoft.com/downloads/details.aspx?FamilyId=3A36E94B-A39F-4B56-8A2D-42F1089DD158

Microsoft Windows Server 2003 64-Bit Edition

http://www.microsoft.com/downloads/details.aspx?FamilyId=06662D6D-E397-40F7-A7A6-9330FBA17EBF

浏览次数：4080
严重程度：0（网友投票）