Microsoft KB Archive/245729

= Windows 95 and Windows 98 File Access URL Update =

Article ID: 245729

Article Last Modified on 5/12/2007

-

APPLIES TO


 * Microsoft Windows 95
 * Microsoft Windows 95
 * Microsoft Windows 95
 * Microsoft Windows 98 Standard Edition
 * Microsoft Windows 98 Second Edition

-



This article was previously published under Q245729



SYMPTOMS
If you browse a Web page containing a very long "file://" address (URL) or Universal Naming Convention (UNC) string, or you view an HTML e-mail message containing such a string, Windows may stop responding (hang), or an unexpected command may be run on your computer.



CAUSE
This behavior can be caused by a buffer overflow in the Windows 95 and Windows 98 networking software that supports access to local and remote files. If this software is passed a very long UNC string, the UNC string may overrun the buffer. If the UNC string is random, it may cause the computer to hang. If the UNC string is specially formed, it can cause the computer to run arbitrary code that could disclose, modify, or destroy data on the computer.

The buffer overrun can occur if you display a Web page containing a very long "file://" URL or UNC string, or you view an HTML e-mail message containing such a string and your e-mail reader allows HTML e-mail messages to be displayed. Microsoft Outlook and Microsoft Outlook Express are two e-mail readers that support HTML e-mail messages.



RESOLUTION
To resolve this issue, obtain and run the appropriate file.

The following files are available for download from the Microsoft Download Center:

Download 245729us8.exe (Windows 98) now

Download 245729us5.exe (Windows 95) now

Release Date: Nov-12-1999

For additional information about how to download Microsoft Support files, click the following article number to view the article in the Microsoft Knowledge Base:

119591 How to Obtain Microsoft Support Files from Online Services

Microsoft scanned this file for viruses. Microsoft used the most current virus-detection software that was available on the date that the file was posted. The file is stored on security-enhanced servers that help to prevent any unauthorized changes to the file.

The English-language version of this fix should have the following file attributes or later:  Date      Time      Version     Size     File name     Platform 11/11/99  11:52am   4.00.956    61,952   Msnet32.dll   Windows 95 (all) 11/11/99  11:13am   4.10.2224   61,952   Msnet32.dll   Windows 98 (all)

Note that this fix is also available on the Microsoft Windows Update Web site (http://windowsupdate.microsoft.com).

The English version of the Windows 98 fix is located on Windows Update at:

http://support.microsoft.com/ph/1139

The fix is also available in the following languages on the Windows Update Web site or the Microsoft Download Center:
 * Czech
 * Danish
 * Dutch
 * Finnish
 * French
 * Greek
 * Hungarian
 * Italian
 * Norwegian
 * Polish
 * Portuguese (Brazil)
 * Portuguese (Portugal)
 * Russian
 * Slovenian
 * Slovak
 * Spanish
 * Swedish
 * Turkish



STATUS
Microsoft has confirmed that this is a problem in the Microsoft products that are listed at the beginning of this article.



MORE INFORMATION
This fix changes the Windows networking software to eliminate the buffer overrun. The modified software returns an error message when it is presented with a file name longer than the length of the buffer.

For additional information about Windows 98 and Windows 98 Second Edition hotfixes, click the article number below to view the article in the Microsoft Knowledge Base:

206071 General Information About Windows 98 and Windows 98 Second Edition Hotfixes

For additional information about Windows 95 hotfixes, click the article number below to view the article in the Microsoft Knowledge Base:

161020 Implementing Windows 95 Updates

Additional query words: MS99-049

Keywords: kbdownload kbfix kbgraphxlinkcritical kbqfe kbprb kbhotfixserver KB245729

-

[mailto:TECHNET@MICROSOFT.COM Send feedback to Microsoft]

© Microsoft Corporation. All rights reserved.