Closed Bug 31607 Opened 25 years ago Closed 25 years ago

C:\nul\nul crashes/BSOD

Categories

(Core :: XPCOM, defect, P3)

Product:
Core
Component:
XPCOM
Platform:
x86
Windows 95
Type:
defect

Tracking

()

Status:
VERIFIED DUPLICATE of bug 29079

People

(Reporter: jeromekwok, Assigned: chofmann)

References

(
URL
)

Details

(Keywords: crash)

Type "C:\nul\nul" in the location bar and press enter. Mozilla will crash on WinNT4 SP6, BSOD/Reboot on Win95. Same as the IE security problem. 12 March build.
I think this might have something to do with it: Due to an inherant fault within the Microsoft Windows 95 and Windows 98 operating system, local and remote users have the capability of crashing the system by simply requesting any permutation of a path and filename referring to a reserved DOS device name in the manner of device\device. The following device names have been known to render a system unstable: CON, NUL, AUX, PRN, CLOCK$, COMx, LPT1, and CONFIG$. Exploiting this vulnerability can be done in a number of ways. Local users are able to crash the operating system by attempting to open a file of device\device, eg. within Microsoft Word, the Run dialog box, or at a command prompt. The same results can be achieved by visiting a website and viewing an HTML file with a local reference to device\device such as <img src="c:\con\con">. It is possible to remotely crash a Windows 95/98 machine as well. This bug is exploitable remotely via any service that involves the remote user specifying paths on the target ie ftp or web services, netbios shares, etc. Examples: FTP: ftp> ls nul/nul WWW: http ://target/con/con \\target\prn\prn etc. from http://www.securityfocus.com seems very likely although they report vulnerable Microsoft Windows 98 Microsoft Windows 95 not vulnerable Microsoft Windows NT 4.0 Microsoft Windows NT 2000.0 wonder if there is anything we can do, but im comfirming the bug
Status: UNCONFIRMED → NEW
Ever confirmed: true
setting severity and keywords and adding myself to the cc list
Severity: normal → critical
Keywords: crash
This is a duplicate of bug #29079.
*** This bug has been marked as a duplicate of 29079 ***
Status: NEW → RESOLVED
Closed: 25 years ago
Resolution: --- → DUPLICATE
verified duplicate
Status: RESOLVED → VERIFIED
Component: Tracking → XPCOM
You need to log in before you can comment on or make changes to this bug.