POP3: Hyperterm (.HT) File Attachment

This signature detects e-mail attachments with the extension ".ht" sent through POP3. This can indicate an incoming e-mail virus or other attack. HT files contain configuration information for the Hyperterm console program, shipped with every Windows operating system since Windows 95. It is the default handler program for .ht files. A recent vulnerability in Hyperterm could allow an attacker to take control of your computer through an infected .ht file. These files are not normally sent through email.

Extended Description

HyperTerminal application for Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003 does not properly validate the length of a value that is saved in a session file, which allows remote attackers to execute arbitrary code via a malicious HyperTerminal session file (.ht), web site, or Telnet URL contained in an e-mail message, triggering a buffer overflow.

Affected Products

Microsoft windows_2003_server

References

CVE: CVE-2004-0568

URL: http://www.hilgraeve.com/htpe/ http://filext.com/detaillist.php?extdetail=ht http://www.microsoft.com/technet/security/bulletin/MS04-043.mspx

Short Name

POP3:EXT:DOT-HT

Severity

Minor

Recommended

False

Recommended Action

None

POP3: Hyperterm (.HT) File Attachment

Extended Description

Affected Products

References

Found a potential security threat?