[Mimedefang] Re: Unsafe file types
Kelson Vibber
kelson at speed.net
Mon Dec 1 15:07:32 EST 2003
At 11:42 AM 12/1/2003, WBrown at e1b.org wrote:
>RTF(rich text files) can be opened with Micro$oft Turd

IIRC, Word registers itself as the default handler for RTF files.

>but they do not have the ability to carry embedded macros the way a .DOC
>file can. They are far less dangerous.

Sure - if it's really an RTF file. But if you take a Word document and
rename it as .RTF instead of .DOC, Windows will still open it in Word (see
above, nothing sinister about that part) - and presumably Word will look at
the file contents, realize it's not really RTF, and load the document,
macros and all.

Of course, in this case it could be done just as easily if the file type
were stored as metadata instead of in the filename. The attacker would
just be altering the metadata instead of renaming the file.

Kelson Vibber
SpeedGate Communications <www.speed.net>
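
The mismatch described in the message above can be checked on the filtering side by looking at attachment content instead of trusting the name or the declared MIME type. This is an added example, not part of the original post and not MIMEDefang code; the function names and the sample message are constructed for illustration, and it assumes the legacy Word .DOC format (an OLE2 compound file) and RTF's leading `{\rtf` marker.

```python
from email import message_from_bytes
from email.message import EmailMessage
from email.policy import default

OLE2_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")  # OLE2 compound file: legacy .DOC/.XLS/.PPT
RTF_MAGIC = b"{\\rtf"                            # every real RTF file starts with this
RTF_TYPES = {"application/rtf", "text/rtf"}

def sniff(data: bytes) -> str:
    """Classify attachment bytes by leading signature, ignoring name and metadata."""
    if data.startswith(OLE2_MAGIC):
        return "ole2"
    if data.startswith(RTF_MAGIC):
        return "rtf"
    return "unknown"

def mismatched_rtf(raw_message: bytes):
    """Return (filename, detected_type) for parts that claim RTF but are not RTF.

    A part "claims RTF" through its file name or through its declared MIME type,
    since either label can be set freely by the sender.
    """
    findings = []
    for part in message_from_bytes(raw_message, policy=default).walk():
        if part.is_multipart():
            continue
        name = part.get_filename() or ""
        claims_rtf = name.lower().endswith(".rtf") or part.get_content_type() in RTF_TYPES
        if claims_rtf:
            kind = sniff(part.get_payload(decode=True) or b"")
            if kind != "rtf":
                findings.append((name, kind))
    return findings

def build_sample() -> bytes:
    """Constructed test message: one real RTF, two OLE2 files labelled as RTF."""
    fake_doc = OLE2_MAGIC + b"\x00" * 504  # header signature only, not a real document
    msg = EmailMessage()
    msg["Subject"] = "constructed sample"
    msg.set_content("see attached")
    for data, subtype, name in [
        (b"{\\rtf1\\ansi Hello}", "rtf", "real.rtf"),
        (fake_doc, "octet-stream", "renamed.RTF"),  # label altered via file name
        (fake_doc, "rtf", "notes.dat"),             # label altered via MIME metadata
    ]:
        msg.add_attachment(data, maintype="application", subtype=subtype, filename=name)
    return msg.as_bytes()

if __name__ == "__main__":
    print(mismatched_rtf(build_sample()))
```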