SMTP: Hyperterm Configuration File (.HT)

This signature detects e-mail attachments with the extension ".ht" sent through SMTP. This can indicate an incoming e-mail virus or other attack. HT files contain configuration information for the Hyperterm console program, shipped with every Windows operating system since Windows 95. It is the default handler program for .ht files. A recent vulnerability in Hyperterm could allow an attacker to take control of your computer through an infected .ht file. These files are not normally sent through e-mail.

Extended Description

A remote buffer overflow vulnerability affects the session parsing functionality of Hilgraeve HyperTerminal. HyperTerminal is shipped and installed with every copy of Microsoft Windows 98, ME, NT 4.0, 2000, XP, and 2003. It is the default telnet client in Microsoft 98 and ME, but not in Windows NT 4.0, 2000, XP, and 2003. This issue is due to a failure of the application to properly validate the length of session-related strings prior to copying them into static process buffers. This may be triggered by a malicious session file or through a telnet URI in circumstances where HyperTerminal is configured to be the default handler for the telnet protocol. An attacker may exploit this issue to execute arbitrary code with the privileges of the unsuspecting user that activates the vulnerable application. This may facilitate unauthorized access or privilege escalation.

Affected Products

Microsoft windows_98

References

CVE: CVE-2004-0568

URL: http://www.hilgraeve.com/htpe/ http://www.microsoft.com/technet/security/bulletin/MS04-043.mspx

Short Name

SMTP:EXT:DOT-HT

Severity

Minor

Recommended

False

Recommended Action

None

SMTP: Hyperterm Configuration File (.HT)

Extended Description

Affected Products

References

Found a potential security threat?