CVE-2004-0568 - Conformable Whore

Description

HyperTerminal application for Windows NT 4.0 Windows 2000 Windows XP and Windows Server 2003 does not properly validate the length of a value that is saved in a session file which allows remote attackers to execute arbitrary code via a malicious HyperTerminal session file (.ht) web site or Telnet URL contained in an e-mail message triggering a buffer overflow.

Reference

http://marc.info/?l=bugtraq&m=110312618614849&w=2 https://exchange.xforce.ibmcloud.com/vulnerabilities/18336 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4741 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4508 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3973 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3138 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2545 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1603 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-043