Vulnerability Development mailing list archives
Re: Crashing Win9x
From: chaser () MEWL NET (Troy Ablan)
Date: Thu, 23 Mar 2000 17:00:07 -0500
This also means a malicious web site or anything else that launches a web browser can reference file:///c:/nul/nul and get you a nice BSOD that crashes the VFAT driver before you can see what happened. Unfortunately, this seems to "permanently" crash the disk I/O routines and eventually requires a hard reboot. On Mon, 20 Mar 2000, Alun Jones wrote:
This has been a known awkwardness in Windows (and indeed anything based on the DOS underpinnings) for some time - we've had code that specifically checks for "CON", "PRN" or "AUX" for several years now, although one of our competitors actually makes a selling point of the idea that users can come in and write directly to your printer through their FTP server! Essentially, the word from Microsoft has so far been for apps not to create files called CON, PRN, AUX, COM1-4, LPT1- 3, or CLOCK$ (sorry if I've missed any). There are, however, a few ways and means to create files of such a name, and they've proven traditionally to be a little tricky to remove (of the same order of trickery as creating a file on Unix with a leading '-' character). Sadly, there's no function that I'm aware of to tell you whether a file name is reserved or not, and each such device name is assumed by the OS to exist in every folder on your system. Alun. ~~~~
Current thread:
- Re: Crashing Win9x PCbob - Slobodan miskoviC (Mar 15)
- Re: Crashing Win9x Alun Jones (Mar 20)
- Re: Crashing Win9x Michael Marschall (Mar 23)
- Re: Crashing Win9x Alun Jones (Mar 23)
- MS IIS - HTR still a problem? Pete Philips (Mar 23)
- Re: Crashing Win9x Troy Ablan (Mar 23)
- Re: Crashing Win9x Alexander Sanda (Mar 27)
- Re: Crashing Win9x Michael Marschall (Mar 23)
- Re: Crashing Win9x Alun Jones (Mar 20)