Re: Serious Microsoft File Association Bug

["Smith, Eric V." <EricSmith () WINDSOR COM>]

This is hardly a new or undocumented feature of Windows.  The API's for
doing this are documented in Inside OLE.  My second edition is dated 1995.
See
http://msdn.microsoft.com/library/default.asp?URL=/library/books/inole/S119C
.HTM for a discussion of structured storage files and how to associate
applications with them.

The file extension is the last thing Windows looks at when trying to figure
out how to open a file, not the first.  This is similar to MacOS which
embeds an id in the file identifying which application to start to edit the
file.

The bug here is not with Windows but with NAV which assumes incorrectly how
applications will be launched when files are opened.

Eric.

> -----Original Message-----
> From: Michael R. Batchelor [mailto:michaelb () IND-INFO COM]
> Sent: Thursday, August 31, 2000 7:57 PM
> To: BUGTRAQ () SECURITYFOCUS COM
> Subject: Re: Serious Microsoft File Association Bug
>
>
> > Normally, when you open a file of an unknown type, it will
> > prompt you for an application to use to open the file.
> > This does not prove true for Microsoft Office documents.
> > If you rename an Office document to an unknown extension,
> > Windows will still use the Office application to open the file.
> [...]
> > Someone with malicious intent could create a macro virus
> > embedded in an Office document, then rename the file with
> > a .VIR extension.  Since most anti-virus software have an
> > exclusion of .VI* this file would never be scanned by Norton.
>
>
> I was able to duplicate this on NT 4.0 SP4, Office 97 SR-2,
> NAV 5.0 definitions 7/17/00 and another system W98 4.10.2222A,
>  Word 2000 9.0.2720, NAV 4.0 definitions 7/17/00 so long as
> the extension was *NOT* .vir.
>
> It worked with .viq and .via, but .vir is recognized as
> a Norton extension and prompts for a program to open it.
>
> Still, the ordinary exclusion is .vi?, so the macro would
> have executed.
>
> MB