Bugtraq mailing list archives

Re: Serious Microsoft File Association Bug

From: "Michael R. Batchelor" <michaelb () ind-info com>
Date: Thu, 31 Aug 2000 19:57:19 -0400

Normally, when you open a file of an unknown type, it will
prompt you for an application to use to open the file.
This does not prove true for Microsoft Office documents.
If you rename an Office document to an unknown extension,
Windows will still use the Office application to open the file.

[...]

Someone with malicious intent could create a macro virus
embedded in an Office document, then rename the file with
a .VIR extension.  Since most anti-virus software have an
exclusion of .VI* this file would never be scanned by Norton.



I was able to duplicate this on NT 4.0 SP4, Office 97 SR-2,
NAV 5.0 definitions 7/17/00 and another system W98 4.10.2222A,
 Word 2000 9.0.2720, NAV 4.0 definitions 7/17/00 so long as
the extension was *NOT* .vir.

It worked with .viq and .via, but .vir is recognized as
a Norton extension and prompts for a program to open it.

Still, the ordinary exclusion is .vi?, so the macro would
have executed.

MB

Current thread:

Re: Serious Microsoft File Association Bug Michael R. Batchelor (Sep 01)
- <Possible follow-ups>
- Re: Serious Microsoft File Association Bug Attonbitus Deus (Sep 01)
- Re: Serious Microsoft File Association Bug Jaanus Kase (Sep 01)
- Re: Serious Microsoft File Association Bug Michael Grant (Sep 01)
- Re: Serious Microsoft File Association Bug Smith, Eric V. (Sep 02)