Microsoft .doc exploit
Kai Schaetzl
maillists at conactive.com
Mon May 22 01:19:44 IST 2006
Julian Field wrote on Sat, 20 May 2006 18:01:42 +0100:
> So
> for a random filename and file content, you actually cannot say for
> definite what will happen when a user tries to "run" a file. As far as I
> am aware, Microsoft do not document the circumstances in which they use
> the file's content and not its name.
What happens is the following:
- if the file suffix is known to the system (a suffix registered in HKR) it
will open with the program associated with it
- if the file suffix is not known Windows will launch a dialog depending on
the Windows version what to do with it
- if the file suffix is not known, but is a Microsoft Office file Windows
is able to detect that and will not offer that dialog but open it in the
associated program
(that means changing a .doc file to .txt will *not* launch Word because
that is a known file type associated to a text editor)
So, blocking .doc etc. files by suffix seems to be a failed effort since it
doesn't seem to matter which (or if) extension they have. :-(
Kai
--
Kai Schätzl, Berlin, Germany
Get your web at Conactive Internet Services: http://www.conactive.com
More information about the MailScanner
mailing list