| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 23 Jan 2007 14:10:54 +0100 From: "Michele Cicciotti" <mc@...msa.net> To: "'Marc Ruef'" <marc.ruef@...putec.ch>, <full-disclosure@...ts.grok.org.uk> Subject: Re: Microsoft Windows file open without extension > This only works with files connected to Microsoft Office so far. I have tested the common > extensions as like xls (Excel) and doc (Word) successfully on my Microsoft Windows XP with > SP2 and all the patches. It seems as like the file header is parsed in any case. This is intended behavior > Other Microsoft products as like bmp (Paint) or txt (Notepad) are not working. Oh, don't bother. You have stumbled on an age-old quirky behavior of Windows. Office document formats are based on a standard Windows container format, OLE structured storage files, also known as "docfiles". A docfile's name and extension are irrelevant - the file is, conceptually, a serialization of an OLE object, and like all serialization formats it contains the identifier of the application that produced it, in the form of an OLE class id (in GUID format) in this case. You can easily verify that it doesn't work with the newer Office XML formats Here, have a look at this: http://www.securityfocus.com/infocus/1874 Another file format well-known to be based on docfiles are Windows Installer packages, but they don't have a CompObj stream specifying the object to instantiate, so they cannot be used to pull this trick _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists