Geek Answers Handbook

Ms. Ms office file extensions

I made a discovery a while ago. Just follow these steps:

Create a .doc / .xls / .ppt file in the office. Save some test data and close the file. Now rename the file to change its file extension to a random line, taking care that it is unattached, for example test.asdfghjkl, etc. Double-click the file and it will open in the parent application.

Now AFAIK, the window checks the file extension of the file and uses it to perform an action, namely: open the application and transfer the file to open it. Then how does an office suite handle this?

EDIT: how about a case where the extension has been changed to another one associated with another application. Is there a priority algorithm to handle this?

+6
ms-office file-association
source share
2 answers

Do you have the option "View extensions for known types"?

EDIT: @Comments .... Yes, this is a stupid / insulting question, but when I fixed the problem, I learned not to accept anything and to trust 0% users.

BUT, I tried, and you're right. It is foolish that MS has this behavior, and this can only lead to security vulnerabilities, which led me to search for your answer.

From posts at http://seclists.org/fulldisclosure/2007/Jan/0444.html

β€œYou stumbled upon the centuries-old whimsical behavior of Windows. Office document formats are based on the standard Windows container format, OLE structured storage files, also known asβ€œ docfiles. ”The docfile file name and extension does not matter - the file is conceptually serialized as an OLE object and, like all serialization formats contain the identifier of the application that made it in the form of an OLE class id (in GUID format). You can easily make sure that this does not work with the new Office XML formats "

Indeed, it does not work for * * * 2007 file types, but 2K3 is still a problem. To solve this problem ... Update! =)

And here, the focus of security is at TOC 2.

So you go.

+4
source share

I can't do it right now, but I know that a few years ago I saw Windows reading XML processing instructions . Maybe this is what happens?

0
source share

More articles:


All Articles