leviathanUSWEST.NET

• Next message: Marc: "Re: NEWDSN.EXE DoS Attack - NT 4.0 SP5 - LOW RISK"
• Previous message: Steve: "NEWDSN.EXE DoS Attack - NT 4.0 SP5 - LOW RISK"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On the tail of thw Win2k 'nul' command-line (is it?) "vulnerability",
where typing 'nul' at the command line causes a BSOD (Or causes
an 'unknown file extension/application' window to come up), I
decided to try it on my Win95 OSR2 machine (again, at the
command line). Type it in your command prompt window? Do you
see what I see? Typing 'nul' spawns the COMMAND.COM program
again. Weird.

I didn't stop there. I tried con, lpt1+lpt2, com1-com4, and aux too. All
spawned the COMMAND.COM again. Hmm...

So, all-in-all, nothing supremely special. Tho, can this be called
around by those who haven't the "c:\con\con" vulnerability patch?
Maybe. (typing 'nul' and all the others at the Run window seems to
yeild the same as if I typed the 'c:\con\con' at the window. Not a real
filename, basically)

Whoa, but try this: Bring up explorer, go to tools/options, make sure
you have "hide MS-DOS extension for registered filetypes"
unchecked, and try creating a file called "com1" somewhere. I don't
want to, you try it! :) (This is my brothers' machine, if I kill it i'm as
good as dead, y'know?)

Well, I think i'm done babbling, it's all up to y'all now!

--"LEVIATHAN"

_____________________________________________________________________
** TO UNSUBSCRIBE, send the command "UNSUBSCRIBE win2ksecadvice"
** FOR A WEEKLY DIGEST, send the command "SET win2ksecadvice DIGEST"
SEND ALL COMMANDS TO: listservlistserv.ntsecurity.net

• Next message: Marc: "Re: NEWDSN.EXE DoS Attack - NT 4.0 SP5 - LOW RISK"
• Previous message: Steve: "NEWDSN.EXE DoS Attack - NT 4.0 SP5 - LOW RISK"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]