Old (and fixed) Windows bug - was Re: BPM STUDIO PRO 4.2 DOS DEVICE PATH VULNERABILITY

[Alun Jones <alun () texis com>]

At 04:00 AM 2/27/2002, ][-][UNTER wrote:
> BPM STUDIO PRO 4.2 is one of the most famous mp3 mixer and player and it has
> an http server implementation for manage the player via the web browser.
>
> Unfortunatly, when you perform a simple http request like:
> http://BPM-HOST/con/con
> you can crash instantly non-patched Win9x host with a simple Blue Screen !!

This old chestnut again?

This is an _operating_system_ issue.  There's very little that an app could 
do, even if it wanted to, to protect against this particular crash.

As noted, there is a patch out there for vulnerable operating systems - why 
are we still seeing this reported as an application bug?

Alun.
~~~~

--
Texas Imperial Software   | Try WFTPD, the Windows FTP Server. Find us at
1602 Harvest Moon Place   | http://www.wftpd.com or email alun () texis com
Cedar Park TX 78613-1419  | VISA/MC accepted.  NT-based sites, be sure to
Fax/Voice +1(512)258-9858 | read details of WFTPD Pro for NT.