Article ID: 245729
Article Last Modified on 5/12/2007
APPLIES TO
- Microsoft Windows 95
- Microsoft Windows 95
- Microsoft Windows 95
- Microsoft Windows 98 Standard Edition
- Microsoft Windows 98 Second Edition
This article was previously published under Q245729
SYMPTOMS
If you browse a Web page containing a very long "file://" address (URL) or Universal Naming Convention (UNC) string, or you view an HTML e-mail message containing such a string, Windows may stop responding (hang), or an unexpected command may be run on your computer.
CAUSE
This behavior can be caused by a buffer overflow in the Windows 95 and Windows 98 networking software that supports access to local and remote files. If this software is passed a very long UNC string, the UNC string may overrun the buffer. If the UNC string is random, it may cause the computer to hang. If the UNC string is specially formed, it can cause the computer to run arbitrary code that could disclose, modify, or destroy data on the computer.
The buffer overrun can occur if you display a Web page containing a very long "file://" URL or UNC string, or you view an HTML e-mail message containing such a string and your e-mail reader allows HTML e-mail messages to be displayed. Microsoft Outlook and Microsoft Outlook Express are two e-mail readers that support HTML e-mail messages.
RESOLUTION
To resolve this issue, obtain and run the appropriate file.
The following files are available for download from the Microsoft Download Center:
![[GRAPHIC: ]](/wiki/index.php?title=File:Download.gif){kind=small}
Release Date: Nov-12-1999
For additional information about how to download Microsoft Support files, click the following article number to view the article in the Microsoft Knowledge Base:
119591 How to Obtain Microsoft Support Files from Online Services
Microsoft scanned this file for viruses. Microsoft used the most current virus-detection software that was available on the date that the file was posted. The file is stored on security-enhanced servers that help to prevent any unauthorized changes to the file.
The English-language version of this fix should have the following file attributes or later:
Date Time Version Size File name Platform
------------------------------------------------------------------------
11/11/99 11:52am 4.00.956 61,952 Msnet32.dll Windows 95 (all)
11/11/99 11:13am 4.10.2224 61,952 Msnet32.dll Windows 98 (all)
Note that this fix is also available on the Microsoft Windows Update Web site (http://windowsupdate.microsoft.com).
The English version of the Windows 98 fix is located on Windows Update at:
The fix is also available in the following languages on the Windows Update Web site or the Microsoft Download Center:
- Czech
- Danish
- Dutch
- Finnish
- French
- Greek
- Hungarian
- Italian
- Norwegian
- Polish
- Portuguese (Brazil)
- Portuguese (Portugal)
- Russian
- Slovenian
- Slovak
- Spanish
- Swedish
- Turkish
STATUS
Microsoft has confirmed that this is a problem in the Microsoft products that are listed at the beginning of this article.
MORE INFORMATION
This fix changes the Windows networking software to eliminate the buffer overrun. The modified software returns an error message when it is presented with a file name longer than the length of the buffer.
For additional information about Windows 98 and Windows 98 Second Edition hotfixes, click the article number below to view the article in the Microsoft Knowledge Base:
206071 General Information About Windows 98 and Windows 98 Second Edition Hotfixes
For additional information about Windows 95 hotfixes, click the article number below to view the article in the Microsoft Knowledge Base:
161020 Implementing Windows 95 Updates
Additional query words: MS99-049
Keywords: kbdownload kbfix kbgraphxlinkcritical kbqfe kbprb kbhotfixserver KB245729
