HTTP Windows 98 MS/DOS Device Names DOS Network Vulnerability

Summary

It was possible to freeze or reboot Windows by reading a MS/DOS device through HTTP, using a file name like CON\CON, AUX.htm or AUX. A cracker may use this flaw to make your system crash continuously, preventing you from working properly.

Solution

upgrade your system or use a HTTP server that filters those names out.

Severity

Classification

CVE CVE-2000-0168, CVE-2001-0386, CVE-2001-0391, CVE-2001-0493, CVE-2001-0558, CVE-2001-0602, CVE-2002-0200, CVE-2003-0016

CVSS	Base Score: 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P

Related Vulnerabilities

Cogent DataHub Multiple Vulnerabilities
Firefox XSL Parsing Vulnerability (Win)
Epson EventManager 'x-protocol-version' Denial of Service Vulnerability
Avast! Zoo Denial of Service Vulnerability
Adobe Reader '.ETD File' Denial of Service Vulnerability (Windows)

HTTP Windows 98 MS/DOS device names DOS

Take action and discover your vulnerabilities