Re: [Full-disclosure] Microsoft Windows file open without extension
- To: "'Marc Ruef'" <marc.ruef@xxxxxxxxxxx>, <full-disclosure@xxxxxxxxxxxxxxxxx>
- Subject: Re: [Full-disclosure] Microsoft Windows file open without extension
- From: "Michele Cicciotti" <mc@xxxxxxxxxx>
- Date: Tue, 23 Jan 2007 14:10:54 +0100
> This only works with files connected to Microsoft Office so far. I have
> tested the common extensions such as xls (Excel) and doc (Word)
> successfully on my Microsoft Windows XP with SP2 and all the patches. It
> seems like the file header is parsed in any case.

This is intended behavior.

> Other Microsoft products such as bmp (Paint) or txt (Notepad) are not working.

Oh, don't bother. You have stumbled on an age-old quirky behavior of Windows.
Office document formats are based on a standard Windows container format, OLE
structured storage files, also known as "docfiles". A docfile's name and
extension are irrelevant - the file is, conceptually, a serialization of an OLE
object, and like all serialization formats it contains the identifier of the
application that produced it, in the form of an OLE class id (in GUID format)
in this case. You can easily verify that it doesn't work with the newer Office
XML formats.

Here, have a look at this: http://www.securityfocus.com/infocus/1874

Another file format well known to be based on docfiles is Windows Installer
packages, but they don't have a CompObj stream specifying the object to
instantiate, so they cannot be used to pull this trick.
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
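
Added example, not part of the original message or of any Microsoft code: a content-based check a defender can use to flag docfiles regardless of name or extension. It recognises the compound-file signature, reads the class id stored on the root directory entry and reports whether a CompObj stream is listed. The function names and the sample CLSID are constructed for illustration, and only the first directory sector is scanned.

```python
import struct
import uuid

OLE_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")  # compound file signature

def inspect_docfile(data: bytes):
    """Return None if data is not an OLE compound file; otherwise the root
    storage CLSID and the entry names in the first directory sector."""
    if len(data) < 512 or data[:8] != OLE_MAGIC:
        return None
    (sector_shift,) = struct.unpack_from("<H", data, 30)
    (first_dir,) = struct.unpack_from("<I", data, 48)
    if sector_shift not in (9, 12):          # 512-byte (v3) or 4096-byte (v4) sectors
        return None
    size = 1 << sector_shift
    start = (first_dir + 1) * size           # sector N starts at (N + 1) * size
    sector = data[start:start + size]
    if len(sector) < size:
        return None                          # truncated or malformed
    names, clsid = [], None
    for off in range(0, size, 128):          # directory entries are 128 bytes
        name_len, obj_type = struct.unpack_from("<HB", sector, off + 64)
        if obj_type == 0 or not 2 <= name_len <= 64:
            continue                         # unused slot
        names.append(sector[off:off + name_len - 2].decode("utf-16-le", "replace"))
        if obj_type == 5:                    # root storage entry
            clsid = uuid.UUID(bytes_le=sector[off + 80:off + 96])
    return {"clsid": clsid, "names": names, "has_compobj": "\x01CompObj" in names}

def _entry(name: str, obj_type: int, clsid: bytes = bytes(16)) -> bytes:
    raw = (name + "\0").encode("utf-16-le")
    return (raw.ljust(64, b"\0") + struct.pack("<HBB", len(raw), obj_type, 1)
            + b"\xff" * 12 + clsid + bytes(32))

def build_sample(clsid: uuid.UUID) -> bytes:
    """Constructed test input: header, FAT sector, one directory sector."""
    header = (OLE_MAGIC + bytes(16) + struct.pack("<5H", 0x3E, 3, 0xFFFE, 9, 6)
              + bytes(6)
              + struct.pack("<9I", 0, 1, 1, 0, 4096, 0xFFFFFFFE, 0, 0xFFFFFFFE, 0)
              + struct.pack("<I", 0) + b"\xff" * 432)
    fat = struct.pack("<2I", 0xFFFFFFFD, 0xFFFFFFFE) + b"\xff" * 504
    directory = _entry("Root Entry", 5, clsid.bytes_le) + _entry("\x01CompObj", 2) + bytes(256)
    return header + fat + directory

SAMPLE_CLSID = uuid.UUID("11111111-2222-3333-4444-555555555555")  # constructed value

if __name__ == "__main__":
    # The file name plays no part: only the bytes are inspected.
    print(inspect_docfile(build_sample(SAMPLE_CLSID)))
    print(inspect_docfile(b"plain text, not a docfile".ljust(512)))
```

On a Windows host, the reported CLSID can be looked up under `HKEY_CLASSES_ROOT\CLSID` to see which application is registered for it.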