At Wednesday 5/15/2002 03:11 PM +0400, you wrote: > Title: Special device access and DoS in Microsoft Internet > Exporer/Outlook Express/Outlook > > All versions of Windows have a reserved filenames referred to special > devices such as prn, aux, nul, etc also called DOS devices. This might be related to a vulnerability that was reported to Microsoft on Mar 7 2001. See the BugTraq post: http://online.securityfocus.com/archive/1/197926 The META HTTP-EQUIV=REFRESH tag used to do the trick from Outlook and other email clients using the MS HTML viewer (e.g. Eudora). Redirecting to file://C:\PRN was sufficient to hang the browser or email client. Microsoft assigned the following internal tracking number to the issue: "MSRC 673au", and fixed it in MS00-17. Obviously they didn't do a good enough job, since you guys found a way to print files, etc. :) Another scary thing is that you can cause the computer to connect to arbitrary UNC paths, which as you know, involves sending NetBIOS credentials over the wire (a good reason to use egress filtering). +-------------------------------- Chad Loder <chad@rapid7.com> Rapid 7, Inc. <http://www.rapid7.com> +--------------------------------
