[Mimedefang] Re: Unsafe file types
WBrown at e1b.org
Mon Dec 1 15:20:33 EST 2003
mimedefang-bounces at lists.roaringpenguin.com wrote on 12/01/2003 03:07:32 PM:

> >but they do not have the ability to carry embedded macros the way a .DOC
> >file can. They are far less dangerous.
>
> Sure - if it's really an RTF file. But if you take a Word document and
> rename it as .RTF instead of .DOC, Windows will still open it in Word (see
> above, nothing sinister about that part) - and presumably Word will look at
> the file contents, realize it's not really RTF, and load the document,
> macros and all.
>
> Of course, in this case it could be done just as easily if the file type
> were stored as metadata instead of in the filename. The attacker would
> just be altering the metadata instead of renaming the file.

Perhaps that is the real fault in products from the evil Redmondian
empire. That they are basically ignoring the metadata and taking whatever
they are handed (as seen in my other message about the mangled extension).
If they honored the metadata, then it should only apply the RTF import
filter to a file with an RTF extension.
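
An added example, not part of the original message and not MIMEDefang code: a mail filter can catch the renamed-.DOC case discussed above by comparing the attachment's extension with its leading bytes. The function names, the `EXPECTED` table and the sample inputs are assumptions made for illustration.

```python
import os

# Leading bytes of the two formats discussed in the thread.
OLE2_MAGIC = bytes.fromhex("d0cf11e0a1b11ae1")  # container of binary Word .DOC files
RTF_MAGIC = b"{\\rtf"                            # an RTF document begins with this group

# Content type each extension is expected to carry (illustrative table).
EXPECTED = {".rtf": "rtf", ".doc": "ole2"}


def sniff(data: bytes) -> str:
    """Classify content by its leading bytes rather than by its name."""
    if data.startswith(OLE2_MAGIC):
        return "ole2"
    if data.startswith(RTF_MAGIC):
        return "rtf"
    return "unknown"


def check_attachment(filename: str, data: bytes) -> tuple:
    """Return (verdict, claimed_ext, actual_type) for one attachment.

    verdict is "match", "mismatch" (name and content disagree) or
    "unchecked" (extension not listed in EXPECTED).
    """
    ext = os.path.splitext(filename)[1].lower()
    actual = sniff(data)
    expected = EXPECTED.get(ext)
    if expected is None:
        return ("unchecked", ext, actual)
    return ("match" if actual == expected else "mismatch", ext, actual)


# Constructed sample inputs (not real documents).
SAMPLE_RTF = b"{\\rtf1\\ansi Plain text body}"
SAMPLE_DOC = OLE2_MAGIC + b"\x00" * 504  # header magic plus padding

if __name__ == "__main__":
    for name, body in [("notes.rtf", SAMPLE_RTF), ("notes.rtf", SAMPLE_DOC),
                       ("notes.doc", SAMPLE_DOC), ("notes.txt", SAMPLE_DOC)]:
        print(name, check_attachment(name, body))
```

A filter that allows .RTF but blocks .DOC would apply its .DOC policy whenever the verdict is "mismatch" and the actual type is "ole2".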