However, it is not the default Telnet client on Windows 2000, and Windows 2000 users who have not taken steps to make it the default Telnet client would not be affected by the vulnerability. HyperTerminal is the default Telnet client on Windows 98, 98SE, and Me. Please note that, although a Telnet URL is involved in this vulnerability, there is no relationship between this vulnerability and the 'Windows 2000 Telnet Client NTLM Authentication' vulnerability discussed in MS00-067. If a user opened an HTML mail that contained a particularly malformed Telnet URL, it would result in a buffer overrun that could enable the creator of the mail to cause arbitrary code to run on the user's system.
HyperTerminal is a terminal emulator capable of connecting to systems over TCP / IP networks. Until Windows XP, it is included with the operating system, but, starting with Windows Vista, it must be purchased separately. The product contains an unchecked buffer in a section of the code that processes Telnet URLs. HyperTerminal is a terminal emulator capable of connecting to systems via TCP / IP networks, dial-up modems and COM ports. The HyperTerminal application is a utility that installs, by default, on all versions of Windows 98, 98SE, Windows NT, Windows Me, and Windows 2000. This vulnerability could, under certain circumstances, allow a malicious user to execute arbitrary code on another user's system. This patch eliminates a security vulnerability in the HyperTerminal application that ships with several Microsoft operating systems.
