Microsoft Windows 98 / NT 4.0 / 2000 File Extension Validation Vulnerability
BID:1632
Info
Microsoft Windows 98 / NT 4.0 / 2000 File Extension Validation Vulnerability
| Bugtraq ID: | 1632 |
| Class: | Input Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | Yes |
| Published: | Aug 31 2000 12:00AM |
| Updated: | Aug 31 2000 12:00AM |
| Credit: | Posted to Bugtraq on August 31, 2000 by Jonathan Andrews <[email protected]>. |
| Vulnerable: |
Microsoft Windows NT Workstation 4.0 SP6a Microsoft Windows NT Workstation 4.0 SP6 Microsoft Windows NT Workstation 4.0 SP5 Microsoft Windows NT Workstation 4.0 SP4 Microsoft Windows NT Workstation 4.0 SP3 Microsoft Windows NT Workstation 4.0 SP2 Microsoft Windows NT Workstation 4.0 SP1 Microsoft Windows NT Workstation 4.0 Microsoft Windows NT Terminal Server 4.0 SP6 Microsoft Windows NT Terminal Server 4.0 SP5 Microsoft Windows NT Terminal Server 4.0 SP4 Microsoft Windows NT Terminal Server 4.0 SP3 Microsoft Windows NT Terminal Server 4.0 SP2 Microsoft Windows NT Terminal Server 4.0 SP1 Microsoft Windows NT Terminal Server 4.0 Microsoft Windows NT Server 4.0 SP6a Microsoft Windows NT Server 4.0 SP6 Microsoft Windows NT Server 4.0 SP5 Microsoft Windows NT Server 4.0 SP4 Microsoft Windows NT Server 4.0 SP3 Microsoft Windows NT Server 4.0 SP2 Microsoft Windows NT Server 4.0 SP1 Microsoft Windows NT Server 4.0 Microsoft Windows NT Enterprise Server 4.0 SP6a Microsoft Windows NT Enterprise Server 4.0 SP6 Microsoft Windows NT Enterprise Server 4.0 SP5 Microsoft Windows NT Enterprise Server 4.0 SP4 Microsoft Windows NT Enterprise Server 4.0 SP3 Microsoft Windows NT Enterprise Server 4.0 SP2 Microsoft Windows NT Enterprise Server 4.0 SP1 Microsoft Windows NT Enterprise Server 4.0 Microsoft Windows 98 Microsoft Windows 2000 Server Microsoft Windows 2000 Professional Microsoft Windows 2000 Advanced Server |
| Not Vulnerable: | |
Discussion
Microsoft Windows 98 / NT 4.0 / 2000 File Extension Validation Vulnerability
A potential problem exists in the way that Microsoft Windows handles file extensions. Under usual circumstances, when opening an unknown file type, the user is prompted with a dialogue box asking what application should be used to execute the file. This is not the case with Microsoft Office documents when opened in Windows Explorer.
If a file is made in an Office application and the extension is renamed to an unknown file type, Windows will still open the file in the corresponding Office program. Reportedly this is because Windows uses header information to determine the file type rather than the file extension itself.
Problems could arise if a malicious user were to embed macro viruses in an Office document and then rename the extension to *.vi?. Some antivirus programs will not scan files with the extension of *.vi?. Therefore, viruses contained in such Office documents would go undetected.
A potential problem exists in the way that Microsoft Windows handles file extensions. Under usual circumstances, when opening an unknown file type, the user is prompted with a dialogue box asking what application should be used to execute the file. This is not the case with Microsoft Office documents when opened in Windows Explorer.
If a file is made in an Office application and the extension is renamed to an unknown file type, Windows will still open the file in the corresponding Office program. Reportedly this is because Windows uses header information to determine the file type rather than the file extension itself.
Problems could arise if a malicious user were to embed macro viruses in an Office document and then rename the extension to *.vi?. Some antivirus programs will not scan files with the extension of *.vi?. Therefore, viruses contained in such Office documents would go undetected.
Exploit / POC
Microsoft Windows 98 / NT 4.0 / 2000 File Extension Validation Vulnerability
See discussion.
See discussion.
Solution / Fix
Microsoft Windows 98 / NT 4.0 / 2000 File Extension Validation Vulnerability
Solution:
Currently the SecurityFocus staff are not aware of any vendor supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected].
Solution:
Currently the SecurityFocus staff are not aware of any vendor supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected].
References
Microsoft Windows 98 / NT 4.0 / 2000 File Extension Validation Vulnerability
References:
References: