الموضوع مغلق ...
What causes the vulnerability?
The vulnerability results because of a flaw in the way Windows 95 and 98 (including Windows 98 Second Edition) parse file path names. Device names such as COM1, CON or LPT1 are reserved words, and they can't be used as folder or file names. When parsing a reference to a path, Windows 95 and 98 check for the presence of a single DOS device name in the path. If one is found, the path is correctly treated as invalid and an error is returned. However, neither Windows 95 nor 98 check for multiple DOS device names. This is the source of the vulnerability.
http://www.microsoft.com/technet/sec.../fq00-017.mspx