Those of you with long memories might remember one of the more amusing (or perhaps annoying) bugs of the Windows 95 and 98 era. Certain specially crafted filenames could make the operating system crash. Malicious users could use this to attack other people’s machines by using one of the special filenames as an image source; the browser would try to access the bad file, and Windows would promptly fall over.
It turns out that Windows 7 and 8.1 (and Windows Vista, but that’s out of support anyway) have a similar kind of bug. They can be taken advantage of in the same kind of way: certain bad filenames make the system lock up or occasionally crash with a blue screen of death, and malicious webpages can embed those filenames by using them as image sources. If you visit such a page (in any browser), your PC will hang shortly after and possibly crash outright.
The Windows 9x-era bug was due to an error in the way that operating systems handled special filenames. Windows has a number of filenames that are “special” because they don’t correspond to any actual file; instead, they represent hardware devices. These special filenames can be accessed from any location in the file system, even though they don’t exist on-disk.