CVE-2000-0168

Microsoft Windows 95 98 and 98SE - Denial of Service via File Device Name Path

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 2 public exploits for CVE-2000-0168. PoCs published by anonymous, adk86.

AI-analyzed exploit summary This is a writeup describing a DoS vulnerability in Microsoft Windows systems where accessing reserved DOS device names (e.g., CON, NUL) in a specific path format crashes the system. The document provides examples of local and remote exploitation methods but does not include executable exploit code.

Description

Microsoft Windows 9x operating systems allow an attacker to cause a denial of service via a pathname that includes file device names, aka the "DOS Device in Path Name" vulnerability.

Exploits (2)

exploitdb WRITEUP VERIFIED
by anonymous · textdoswindows
https://www.exploit-db.com/exploits/19799

This is a writeup describing a DoS vulnerability in Microsoft Windows systems where accessing reserved DOS device names (e.g., CON, NUL) in a specific path format crashes the system. The document provides examples of local and remote exploitation methods but does not include executable exploit code.

Classification
Writeup 100%
Attack Type
Dos
Complexity
Trivial
Reliability
Reliable
Target: Microsoft Windows 9x/NT/2000 (various versions)
No auth needed
Prerequisites: Access to a vulnerable Windows system (local or remote) · Ability to send crafted file paths via services like FTP, HTTP, or SMB
devstral-2 · analyzed Feb 16, 2026 Full analysis →
nomisec WRITEUP
by adk86 · poc
https://github.com/adk86/CVE-Vulnerability-Research-Exploit-Analysis

This repository documents a structured penetration testing project that includes research and execution of CVE-2000-0168, a DoS attack against Windows 95 via malicious device path names. It provides methodology, execution steps, and evidence but does not contain functional exploit code.

Classification
Writeup 90%
Attack Type
Dos
Complexity
Moderate
Reliability
Reliable
Target: Windows 95
No auth needed
Prerequisites: Apache web server · VirtualBox virtual network · Windows 95 target machine
devstral-2 · analyzed Apr 10, 2026 Full analysis →

References (3)

Core 3
Core References
Third Party Advisory, VDB Entry vendor-advisory x_refsource_ms
http://www.securityfocus.com/templates/advisory.html?id=2126
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/1043

Scores

EPSS 0.1960
EPSS Percentile 97.0%

Details

Status published
Products (3)
microsoft/windows_95
microsoft/windows_98
microsoft/windows_98se
Published Mar 04, 2000
Tracked Since Feb 18, 2026