Several high-profile distributors of the BSD version of the Telnet protocol have rolled out patches for a critical bug that could cause system-hijack attacks. The bug, which was reported by iDefense Inc., is a remotely exploitable buffer overflow that could allow the execution of arbitrary code with user privileges.
A successful attacker would have to convince the user to launch a Telnet session with a malicious server. A malicious Web page could be designed that could launch the Telnet client on the user's system by clicking a link, or, using the IFRAME tag, by loading the page. Telnet is a protocol that supports virtual terminal sessions across IP networks including the Internet. The Telnet client program provides the interface for the terminal session to the user.
News source: eWeek