[16496] in bugtraq
Re: Serious Microsoft File Association Bug
daemon@ATHENA.MIT.EDU (Michael Grant)
Fri Sep 1 17:49:34 2000
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
Message-ID: <NEBBKOOPCLHKMMGHCPNGKEEECAAA.scarab@acenet.co.za>
Date: Thu, 31 Aug 2000 21:36:31 +0200
Reply-To: Michael Grant <scarab@ACENET.CO.ZA>
From: Michael Grant <scarab@ACENET.CO.ZA>
To: BUGTRAQ@SECURITYFOCUS.COM
Hi,
Building on what Jonathan Andrews stated earlier, it's interesting to note:
That *any* file being executed from within "explorer" is essentially
"scanned", well at least the first few bytes are, to determine the file
type - irregardless of what associations are defined. It's especially
interesting, to note that even though the file has been scanned and found to
be of a different type other that that specified by the association it's
still passed (correctly?) to the associated application.
This adds an extra dimension to the impact? What if the "scan" is
susceptible to a buffer overflow or such? Could even passing harmless text
files become a risk?
Yours sincerely,
Mike Grant.
DISCLAIMER:
The information in this reply is provided "AS IS" without warranty of any
kind. In no event shall I be liable for any damages whatsoever including
direct, indirect, incidental, consequential, loss of business profits or
special damages.
