Bugtraq mailing list archives
Re: Serious Microsoft File Association Bug
From: "Michael R. Batchelor" <michaelb () ind-info com>
Date: Thu, 31 Aug 2000 19:57:19 -0400
Normally, when you open a file of an unknown type, it will prompt you for an application to use to open the file. This does not prove true for Microsoft Office documents. If you rename an Office document to an unknown extension, Windows will still use the Office application to open the file.
[...]
Someone with malicious intent could create a macro virus embedded in an Office document, then rename the file with a .VIR extension. Since most anti-virus software have an exclusion of .VI* this file would never be scanned by Norton.
I was able to duplicate this on NT 4.0 SP4, Office 97 SR-2, NAV 5.0 definitions 7/17/00 and another system W98 4.10.2222A, Word 2000 9.0.2720, NAV 4.0 definitions 7/17/00 so long as the extension was *NOT* .vir. It worked with .viq and .via, but .vir is recognized as a Norton extension and prompts for a program to open it. Still, the ordinary exclusion is .vi?, so the macro would have executed. MB
Current thread:
- Re: Serious Microsoft File Association Bug Michael R. Batchelor (Sep 01)
- <Possible follow-ups>
- Re: Serious Microsoft File Association Bug Attonbitus Deus (Sep 01)
- Re: Serious Microsoft File Association Bug Jaanus Kase (Sep 01)
- Re: Serious Microsoft File Association Bug Michael Grant (Sep 01)
- Re: Serious Microsoft File Association Bug Smith, Eric V. (Sep 02)