c:\con\con
To begin with, the popular belief that con is just an illegal DOS name is not true. Con is the console, such as the keyboard, or in some old computers the terminal input.
There are legitimate uses for con, such as going
copy con filename.ext
This is identical to the Unix command
cat > filename
with the one difference being that the DOS con input is terminated by Ctrl-Z (or F6), and the Unix input is terminated by Ctrl-D.
Anyway, attempting to open c:\con\con or any other path:\con\con is trying to open a console inside a console. This creates an error inside the VFAT driver and the nice little Windows box blue-screens.
Not only will this work inside the Run prompt, but a link to file:///c:/con/con will also blue screen the computer when Explorer tries to open it. This creates some interesting possibilities, such as the following Java Script line:
document.location.href="file:///c:/con/con";
Now, this is where the security flaws in Windows 98 come in - if an HTML-formatted email is sent to an Outlook Express client, and the above JavaScript code is either embedded in a link, or automatically loaded in the BODY tag the computer will bluescreen upon opening the email.
This bug is not present in Windows NT or Windows 2000.