Re: netscape 4.61 recognizes file.changed-doc/xls

[swadlow () UTDALLAS EDU (Su Wadlow)]

--On Sunday, May 28, 2000 10:18 PM -0400 Nathan Einwechter
<morrisok () EXECULINK COM> wrote:

> I don't know if this has already been explored, but if word and excel
> files are correctly recognised without the extensions, how does Word
> and Excel do this?

Someone correct me if I'm wrong, but . . . .

Page formatting and such is saved in a document in the form of
various control codes (the old DOS WordPerfect let you do some
limited editing of it's codes, IIRC).  Embedded in those codes is
information about the app which created the document.  You can see
some of that info by opening a document in a text editor.  There'll
be a bunch of control characters, and text strings like the app's
name and version and such.

> If this where to be discovered I cannot see a reason why one wouldn't
> be able to trick the programs into believing it is a Word or Excel
> file, which would, in turn, could possibly open various other holes,
> I don't really know much about what could be done through word or
> excel, but I can see some possiblities with this.

While I know that you can really screw up a document by messing with
control information in, say, a text editor, I don't know of any way
in which it can be *inserted* into some other file.  I *think*
recognition of the app's specific format is done by recognizing both
the textual application info *and* the formatting control codes.

--
Su Wadlow
swadlow () utdallas edu
    If I have to explain, you wouldn't understand . . . . :-)