lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Message-Id: <20070123131052.D0B2E1D8F2C@supertolla.itapac.net>
Date: Tue, 23 Jan 2007 14:10:54 +0100
From: "Michele Cicciotti" <mc@...msa.net>
To: "'Marc Ruef'" <marc.ruef@...putec.ch>, <full-disclosure@...ts.grok.org.uk>
Subject: Re: Microsoft Windows file open without extension

> This only works with files connected to Microsoft Office so far. I have tested the common
> extensions as like xls (Excel) and doc (Word) successfully on my Microsoft Windows XP with
> SP2 and all the patches. It seems as like the file header is parsed in any case.

This is intended behavior

> Other Microsoft products as like bmp (Paint) or txt (Notepad) are not working.

Oh, don't bother. You have stumbled on an age-old quirky behavior of Windows. Office document formats are based on a standard Windows container format, OLE structured storage files, also known as "docfiles". A docfile's name and extension are irrelevant - the file is, conceptually, a serialization of an OLE object, and like all serialization formats it contains the identifier of the application that produced it, in the form of an OLE class id (in GUID format) in this case. You can easily verify that it doesn't work with the newer Office XML formats

Here, have a look at this: http://www.securityfocus.com/infocus/1874

Another file format well-known to be based on docfiles are Windows Installer packages, but they don't have a CompObj stream specifying the object to instantiate, so they cannot be used to pull this trick

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ