Windows 95 and Windows 98 File Access URL Update

ID: Q245729

The information in this article applies to:
  • Microsoft Windows 95
  • Microsoft Windows 95 OEM Service Release versions 1, 2, 2.1, 2.5
  • Microsoft Windows 98
  • Microsoft Windows 98 Second Edition

SYMPTOMS

If you browse a Web page containing a very long "file://" address (URL) or Universal Naming Convention (UNC) string, or you view an HTML e-mail message containing such a string, Windows may stop responding (hang), or an unexpected command may be run on your computer.


CAUSE

This behavior can be caused by a buffer overflow in the Windows 95 and Windows 98 networking software that supports access to local and remote files. If this software is passed a very long UNC string, the UNC string may overrun the buffer. If the UNC string is random, it may cause the computer to hang. If the UNC string is specially formed, it can cause the computer to run arbitrary code that could disclose, modify, or destroy data on the computer.

The buffer overrun can occur if you display a Web page containing a very long "file://" URL or UNC string, or you view an HTML e-mail message containing such a string and your e-mail reader allows HTML e-mail messages to be displayed. Microsoft Outlook and Microsoft Outlook Express are two e-mail readers that support HTML e-mail messages.


RESOLUTION

To resolve this issue, obtain and run the appropriate file.

The following files are available for download from the Microsoft Download Center. Click the file names below to download the files:

245729us8.exe (Windows 98)
245729us5.exe (Windows 95)
Release Date: Nov-12-1999

For more information about how to download files from the Microsoft Download Center, please visit the Download Center at the following Web address
http://www.microsoft.com/downloads/search.asp
and then click How to use the Microsoft Download Center.

The English-language version of this fix should have the following file attributes or later: 

 Date       Time      Version     Size     File name     Platform
 ------------------------------------------------------------------------
 11/11/99   11:52am   4.00.956    61,952   Msnet32.dll   Windows 95 (all)
 11/11/99   11:13am   4.10.2224   61,952   Msnet32.dll   Windows 98 (all)

Note that this fix is also available on the Microsoft Windows Update Web site (http://windowsupdate.microsoft.com).

The English version of the Windows 98 fix is located on Windows Update at:
http://www.microsoft.com/windows98/downloads/contents/WUCritical/fileacc/Default.asp
The English version of the Windows 95 fix is located at:
http://www.microsoft.com/windows95/downloads/contents/WUCritical/fileacc/Default.asp
The fix is also available in the following languages on the Windows Update Web site or the Microsoft Download Center:
  • Czech
  • Danish
  • Dutch
  • Finnish
  • French
  • Greek
  • Hungarian
  • Italian
  • Norwegian
  • Polish
  • Portuguese (Brazil)
  • Portuguese (Portugal)
  • Russian
  • Slovenian
  • Slovak
  • Spanish
  • Swedish
  • Turkish


STATUS

Microsoft has confirmed this to be a problem in the Microsoft products listed at the beginning of this article.


MORE INFORMATION

This fix changes the Windows networking software to eliminate the buffer overrun. The modified software returns an error message when it is presented with a file name longer than the length of the buffer.

Additional query words:

Keywords : kbtool osr2 win95 win98 win98se
Version : WINDOWS:95
Platform : WINDOWS
Issue type : kbprb


Last Reviewed: January 14, 2000
© 2000 Microsoft Corporation. All rights reserved. Terms of Use.