CVE-2000-0330
published 1999-11-12CVE-2000-0330: The networking software in Windows 95 and Windows 98 allows remote attackers to execute commands via a long file name string, aka the "File Access URL"…
PriorityP434high7.6CVSS 2.0
AVNACHAuNCCICAC
EXPLOIT
EPSS
15.02%
96.3th percentile
The networking software in Windows 95 and Windows 98 allows remote attackers to execute commands via a long file name string, aka the "File Access URL" vulnerability.
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
Exploit-DB
Microsoft Windows 95/98 - UNC Buffer Overflow (1)
exploitdb·1999-11-09
CVE-2000-0330 Microsoft Windows 95/98 - UNC Buffer Overflow (1)
Microsoft Windows 95/98 - UNC Buffer Overflow (1)
---
// source: https://www.securityfocus.com/bid/779/info
There is a overflowable buffer in the networking code for Windows 95 and 98 (all versions). The buffer is in the part of the code that handles filenames. By specifying an exceptionally long filename, an attacker can cause the machine to crash or execute arbitrary code. This vulnerability could be exploited remotely by including a hostile UNC or file:// URL in a web page or HTML email. The attack would occur when the page was loaded in a browser or the email was opened (including opening the email in a preview pane.)
/*=============================================================================
Microsoft IE4 for Windows98 exploit
The Shadow Penguin Security (http://shadowpenguin.
Exploit-DB
Microsoft Windows 95/98 - UNC Buffer Overflow (2)
exploitdb·1999-11-09
CVE-2000-0330 Microsoft Windows 95/98 - UNC Buffer Overflow (2)
Microsoft Windows 95/98 - UNC Buffer Overflow (2)
---
// source: https://www.securityfocus.com/bid/779/info
There is a overflowable buffer in the networking code for Windows 95 and 98 (all versions). The buffer is in the part of the code that handles filenames. By specifying an exceptionally long filename, an attacker can cause the machine to crash or execute arbitrary code. This vulnerability could be exploited remotely by including a hostile UNC or file:// URL in a web page or HTML email. The attack would occur when the page was loaded in a browser or the email was opened (including opening the email in a preview pane.)
/*=========================================================================
Microsoft IE5 for Windows98 exploit
The Shadow Penguin Security (http://shadowpenguin.back
No writeups or analysis indexed.
1999-11-12
Published