scarabACENET.CO.ZA

• Next message: Charles Sprickman: "Re: Microsoft Word documents that "phone" home"
• Previous message: Jonathan Rickman: "Re: Remote DoS Attack in Eeye Iris 1.01 and SpyNet CaptureNet v3.12 Vulnerability"
• Maybe in reply to: jandrewsSQA-EXTERNAL.DTTUS.COM: "Serious Microsoft File Association Bug"
• Next in thread: Smith, Eric V.: "Re: Serious Microsoft File Association Bug"
• Maybe reply: Michael Grant: "Re: Serious Microsoft File Association Bug"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hi,

Building on what Jonathan Andrews stated earlier, it's interesting to note:

That *any* file being executed from within "explorer" is essentially
"scanned", well at least the first few bytes are, to determine the file
type - irregardless of what associations are defined. It's especially
interesting, to note that even though the file has been scanned and found to
be of a different type other that that specified by the association it's
still passed (correctly?) to the associated application.

This adds an extra dimension to the impact? What if the "scan" is
susceptible to a buffer overflow or such? Could even passing harmless text
files become a risk?

Yours sincerely,

Mike Grant.
DISCLAIMER:
The information in this reply is provided "AS IS" without warranty of any
kind. In no event shall I be liable for any damages whatsoever including
direct, indirect, incidental, consequential, loss of business profits or
special damages.

• Next message: Charles Sprickman: "Re: Microsoft Word documents that "phone" home"
• Previous message: Jonathan Rickman: "Re: Remote DoS Attack in Eeye Iris 1.01 and SpyNet CaptureNet v3.12 Vulnerability"
• Maybe in reply to: jandrewsSQA-EXTERNAL.DTTUS.COM: "Serious Microsoft File Association Bug"
• Next in thread: Smith, Eric V.: "Re: Serious Microsoft File Association Bug"
• Maybe reply: Michael Grant: "Re: Serious Microsoft File Association Bug"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]