Bugtraq: Old (and fixed) Windows bug - was Re: BPM STUDIO PRO 4.2 DOS DEVICE PATH VULNERABILITY

Nmap Security Scanner

Intro

Ref Guide

Install Guide

Download

Changelog

Book

Docs
Security Lists

Bugtraq

Basics

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Bugtraq mailing list archives

Old (and fixed) Windows bug - was Re: BPM STUDIO PRO 4.2 DOS DEVICE PATH VULNERABILITY

From: Alun Jones <alun () texis com>
Date: Wed, 27 Feb 2002 18:03:17 -0600

At 04:00 AM 2/27/2002, ][-][UNTER wrote:

BPM STUDIO PRO 4.2 is one of the most famous mp3 mixer and player and it has
an http server implementation for manage the player via the web browser.

Unfortunatly, when you perform a simple http request like:
http://BPM-HOST/con/con
you can crash instantly non-patched Win9x host with a simple Blue Screen !!


This old chestnut again?

This is an _operating_system_ issue. There's very little that an app coulddo, even if it wanted to, to protect against this particular crash.

As noted, there is a patch out there for vulnerable operating systems - whyare we still seeing this reported as an application bug?


Alun.
~~~~

--
Texas Imperial Software   | Try WFTPD, the Windows FTP Server. Find us at
1602 Harvest Moon Place   | http://www.wftpd.com or email alun () texis com
Cedar Park TX 78613-1419  | VISA/MC accepted.  NT-based sites, be sure to
Fax/Voice +1(512)258-9858 | read details of WFTPD Pro for NT.

By Date By Thread

Current thread:

Old (and fixed) Windows bug - was Re: BPM STUDIO PRO 4.2 DOS DEVICE PATH VULNERABILITY Alun Jones (Feb 28)