The software constructs pathnames from user input, but it does
					not handle or incorrectly handles a pathname containing a Windows device name
					such as AUX or CON. This typically leads to denial of service or an information
					exposure when the application attempts to process the pathname as a regular
					file.Not properly handling virtual filenames (e.g. AUX, CON, PRN, COM1, LPT1)
						can result in different types of vulnerabilities. In some cases an attacker
						can request a device via injection of a virtual filename in a URL, which may
						cause an error that leads to a denial of service or an error page that
						reveals sensitive information. A software system that allows device names to
						bypass filtering runs the risk of an attacker injecting malicious code in a
						file with the name of a device.