Bugtraq mailing list archives
Re: Serious Microsoft File Association Bug
From: "Smith, Eric V." <EricSmith () WINDSOR COM>
Date: Sat, 2 Sep 2000 06:44:37 -0400
This is hardly a new or undocumented feature of Windows. The APIs for doing this are documented in Inside OLE. My second edition is dated 1995. See http://msdn.microsoft.com/library/default.asp?URL=/library/books/inole/S119C .HTM for a discussion of structured storage files and how to associate applications with them.

The file extension is the last thing Windows looks at when trying to figure out how to open a file, not the first. This is similar to MacOS which embeds an id in the file identifying which application to start to edit the file.

The bug here is not with Windows but with NAV which assumes incorrectly how applications will be launched when files are opened.

Eric.
-----Original Message-----
From: Michael R. Batchelor [mailto:michaelb () IND-INFO COM]
Sent: Thursday, August 31, 2000 7:57 PM
To: BUGTRAQ () SECURITYFOCUS COM
Subject: Re: Serious Microsoft File Association Bug

Normally, when you open a file of an unknown type, it will prompt you for an application to use to open the file. This does not prove true for Microsoft Office documents. If you rename an Office document to an unknown extension, Windows will still use the Office application to open the file.

[...]

Someone with malicious intent could create a macro virus embedded in an Office document, then rename the file with a .VIR extension. Since most anti-virus software have an exclusion of .VI* this file would never be scanned by Norton.

I was able to duplicate this on NT 4.0 SP4, Office 97 SR-2, NAV 5.0 definitions 7/17/00 and another system W98 4.10.2222A, Word 2000 9.0.2720, NAV 4.0 definitions 7/17/00 so long as the extension was *NOT* .vir. It worked with .viq and .via, but .vir is recognized as a Norton extension and prompts for a program to open it. Still, the ordinary exclusion is .vi?, so the macro would have executed.

MB
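An added example, not part of the thread or of any vendor's code: a scanner-side check that decides by content rather than by extension, reading the class id stored in a structured storage file's root entry, which is the kind of embedded identifier the reply above describes. The function names, the `*.vi?` exclusion pattern taken from the quoted report, and the sample file built by `make_sample` are assumptions made for illustration; the CLSID constant is the one Word 97/2000 documents carry.

```python
import fnmatch
import struct
import uuid

OLE_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")  # compound-file signature
WORD_DOC_CLSID = uuid.UUID("00020906-0000-0000-C000-000000000046")  # Word.Document.8

def root_clsid(data):
    """Return the root-storage CLSID of a compound file, or None if data is not one."""
    if len(data) < 512 or data[:8] != OLE_MAGIC:
        return None
    sector_shift, = struct.unpack_from("<H", data, 30)   # 9 -> 512-byte sectors
    first_dir, = struct.unpack_from("<I", data, 48)      # first directory sector
    if sector_shift not in (9, 12):
        return None
    start = (first_dir + 1) << sector_shift              # sector 0 follows the header
    entry = data[start:start + 128]                      # root is the first entry
    if len(entry) < 128 or entry[66] != 5:               # object type 5 = root storage
        return None
    return uuid.UUID(bytes_le=bytes(entry[80:96]))

def must_scan(filename, data, exclusion="*.vi?"):
    """Extension exclusions apply only to files that are not structured storage."""
    if data[:8] == OLE_MAGIC:
        return True
    return not fnmatch.fnmatch(filename.lower(), exclusion)

def make_sample(clsid):
    """Constructed minimal compound file: header plus one directory sector."""
    header = bytearray(512)
    header[:8] = OLE_MAGIC
    struct.pack_into("<H", header, 30, 9)
    struct.pack_into("<I", header, 48, 0)
    root = bytearray(512)
    name = "Root Entry".encode("utf-16-le")
    root[:len(name)] = name
    struct.pack_into("<H", root, 64, len(name) + 2)
    root[66] = 5
    root[80:96] = clsid.bytes_le
    return bytes(header + root)

if __name__ == "__main__":
    sample = make_sample(WORD_DOC_CLSID)
    print(root_clsid(sample), must_scan("invoice.viq", sample))
    print(must_scan("quarantine.viq", b"plain text"))
```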