Date: Sun, 14 Sep 2003 23:35:06 -0700 (PDT)
From: Bipin Gautam <door_hUNT3R@...ckcodemail.com>
To: bugtraq@...urityfocus.com
Cc: full-disclosure@...ts.netsys.com
Subject: Windows Movie maker 2 determines a supportive file type JUST by
 judging its extension!





---DESCRIPTION---
Windows Movie Maker 2 only determines whether a file type is supportive by it or not, ONLY by judging its extension. So, suppose if you have to import a VCD movie (*.dat) to your Windows Movie Maker 2 you have to copy the whole file to a read/write drive rename its extension to *.mov (ie: any extension that media player 2 recognizes)
	Amazingly, windows movie maker 1 effectively judges a supportive movie file by its header so it doesn't matter even if you rename a movie file to *.zip, it would effectively look at the header data and allow us to import in WINDOWS MOVIE MAKER 1. But strangely, Windows Movie Maker judges a supportive file type just by judging its extension! This could prove very inconvenient if we have to import a file through network or read-only drives.

---CONCLUSION---
INDEED A POOR PROGRAMMING PRACTICE! (o;

--[Background Information]--
These bug's were originally discovered by hUNT3R, [myself] a member of 01 Security Submission. The vendor was notified via email.
---[about 01 security submission]---
01s.s is a small group having experience as security specialists, programmers and system administrators.
http://www.ysgnet.com/hn

       | .oÛ_Oo.h»UNTER.oO_Ûo. |
      §  !¹007Õ°¿ÑïÞÎß°Õæ9*½¹!  ‡

_____________________________________________________________
Secure mail ---> http://www.blackcode.com

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Powered by blists - more mailing lists