SNS Research reported a buffer overflow vulnerability in the Microsoft Windows 95 Backup utility. A malicious file name could cause the backup function to fail and potentially execute arbitrary code when backing up files.
Windows 95 Backup reportedly contains a buffer overflow that could allow a local user to execute arbitrary code on the host or cause the host to crash. A local user could create a file whose name has a large (>128 bytes) file extension; when the backup program encounters this file name in the backup file set during a backup, it may crash or execute arbitrary code. Shellcode must be composed solely of valid file name characters.
No solution was available at the time of this entry. Because Microsoft no longer supports Windows 95, it is reported that a patch will not be released. The author of the report recommends using a different file backup utility.
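
A pre-backup check for the condition described above, as an added example that is not part of the SNS Research report or this entry: it walks a file set and lists files whose extension exceeds 128 bytes so they can be reviewed or excluded before a backup runs. It assumes "extension" means the text after the last dot and that length is counted in file-system bytes; the function names and the sample file set are constructed for illustration.

```python
import os
import tempfile

# Threshold from the advisory: extensions larger than 128 bytes.
MAX_EXT_BYTES = 128


def extension_bytes(name: str) -> int:
    """Byte length of the text after the last dot (0 if there is no dot).

    Assumption: the extension is everything after the final '.', measured
    in the file system's byte encoding.
    """
    _, dot, ext = name.rpartition(".")
    return len(os.fsencode(ext)) if dot else 0


def find_long_extensions(root: str, limit: int = MAX_EXT_BYTES):
    """Return sorted (path, ext_len) pairs for files whose extension exceeds limit."""
    hits = []
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in filenames:
            n = extension_bytes(name)
            if n > limit:
                hits.append((os.path.join(dirpath, name), n))
    return sorted(hits)


def demo():
    """Scan a constructed file set: one name is at the limit, one is over it."""
    with tempfile.TemporaryDirectory() as root:
        os.mkdir(os.path.join(root, "docs"))
        names = [
            "report.doc",
            "noext",
            os.path.join("docs", "notes.txt"),
            os.path.join("docs", "edge." + "a" * 128),  # exactly 128: not flagged
            os.path.join("docs", "bad." + "b" * 129),   # 129: flagged
        ]
        for rel in names:
            open(os.path.join(root, rel), "w").close()
        return [(os.path.relpath(p, root), n)
                for p, n in find_long_extensions(root)]


if __name__ == "__main__":
    for path, size in demo():
        print(f"{size:4d} bytes  {path[:40]}...")
```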