tags:

views:

353

answers:

2
+5  Q: 

ms office file extensions

I made a discovery some time back. Just follow these steps:

Create a .doc/.xls/.ppt file in office 2003. Keep some test data in there and close the file. Now rename the file to change it's file extension to a random string, taking care that it is unassociated, like test.asdfghjkl etc. Double click the file and it opens seamlessly in the parent application.

Now AFAIK, windows checks the file extension of the file and uses it to do an action, viz open an application and pass the file to it to open. Then how does the office suite manage to do this?

EDIT: How about the case when the extension is changed to one that is associated with another application. Is there a priority algorithm in place for handling that ?

+4  A: 

Do you have the "View extensions for known types" option on?

EDIT: @Comments.... Yes, its a stupid/insulting question, but when troubleshooting a problem I have learned to assume nothing, and trust the users 0%.

BUT, I tried it, and you're right. Its stupid that MS has this kind of behavior, and it can only lead to security vulnerabilities, which led me on a search for your answer.

From the posts at http://seclists.org/fulldisclosure/2007/Jan/0444.html

"You have stumbled on an age-old quirky behavior of Windows. Office document formats are based on a standard Windows container format, OLE structured storage files, also known as "docfiles". A docfile's name and extension are irrelevant - the file is, conceptually, a serialization of an OLE object, and like all serialization formats it contains the identifier of the application that produced it, in the form of an OLE class id (in GUID format) in this case. You can easily verify that it doesn't work with the newer Office XML formats"

Indeed it doesnt work for the 2007 *X file types, but 2K3 is still a problem. To solve this problem... Upgrade! =)

And here at security focus under TOC point 2.

So, there you go.

StingyJack  2008-11-10 17:06:31
Of course. I have changed the extension. Try it for yourself.
Vaibhav Garg  2008-11-11 06:53:46
The icon changes to that of an unrecognised file type, a generic file icon. Therefore, it is certain that the extension is being changed
Vaibhav Garg  2008-11-11 09:40:56
Actually the only thing that is certain is that the icon has changed. viewing the file in the command prompt dir list would tell you if the file name has changed.
StingyJack  2008-11-11 13:25:20
So i guess, the header is parsed by the shell anyway without consideration to the extension. Is that the case?
Vaibhav Garg  2008-11-11 16:55:22
the ole structure is read by windows and recognized as being a particular com class. the com app is then called to load the file.The tell is in the footer of the file.
StingyJack  2008-11-11 17:51:22
How about the case when the extension is changed to one that is associated with another application. Is there a priority algorithm in place for handling that ?
Vaibhav Garg  2008-11-12 02:41:20
It appears to only fire the OLE container structure if the file type is not registered. I'm not good enough with a disassembler to tell for sure. =)
StingyJack  2008-11-12 12:41:56
A: 

I can't seem to make this happen now, but I know I saw Windows reading XML processing instructions a few years back. Maybe that is what's going on?

Ned Batchelder  2008-11-11 02:08:03

related questions

WCF Behavior Extension Elements Not Recognized in Visual Studio
Filter Extensions in HTML form upload
How Can I Compile Firefox and Include a Few Extensions?
Sending Emails as a "batch execution job"
Can you add new statements to Python's syntax?
Updated Firefox Extension - Still says "No updates were found."
How can I change a files extension using PHP?
How can I create a Firebug-like bottom window Firefox extension
Is using resharper a time saver?
How to update Firefox 2 compatible extensions using IFRAME to Firefox 3?
What is the first thing you do when you install Visual Studio?
What do you use to test your browser extension / BHO?
Initial skeleton for Firefox extensions?
How do you sign your Firefox extensions?
How to check for memory leaks in Guile extension modules?
Determine file type of an image
Mediawiki custom tag Stops page parsing.
Tips / Resources for building a Google Chrome plugin
Sending e-mail from a Custom SQL Server Reporting Services Delivery Extension
Using GLEW to use OpenGL extensions under Windows
What are OpenGL extensions and what are the benefits/tradeoffs of using them?
Using OpenGL extensions On Windows
GL_FRAMEBUFFER_INCOMPLETE_DUPLICATE_ATTACHMENT_EXT errors
How can I turn a string of HTML into a DOM object in a Firefox extension?