Title: Microsoft Windows 9x File Handle Buffer Overflow Vulnerability
Severity: MODERATE
Description:
The file sharing (SMB) service in Windows enables client applications to access and modify files from a server on the network.
The SMB service within Windows 95/98 allocates 0x400*4 bytes to store file handles. Therefore, a file handle returned to a client will be in the range 0 - 1023. When SMB commands such as SMBfindclose are sent to the service specifying a specially crafted handle out of that range, the sharing service will attempt to access illegal memory address.
Successful exploitation of this vulnerability will cause the sharing service to buffer overflow and likely crash.
Affected Products:
- Microsoft Windows 95
- Microsoft Windows 98
- Microsoft Windows 98SE
References:
Juniper Networks provides this content via a wide variety of sources and production methods. If notified of errors or omissions in the content of this page, Juniper Networks, at its discretion, will modify or remove the page or leave the content as is, depending on various factors including but not limited to the reputation and authority of the party providing the notification. Please use the contact information displayed elsewhere on this page to report any errors or omissions regarding the content on this page.
