Re: Serious Microsoft File Association Bug

[Michael Grant <scarab () ACENET CO ZA>]

Hi,

Building on what Jonathan Andrews stated earlier, it's interesting to note:

That *any* file being executed from within "explorer" is essentially
"scanned", well at least the first few bytes are, to determine the file
type - irregardless of what associations are defined.  It's especially
interesting, to note that even though the file has been scanned and found to
be of a different type other that that specified by the association it's
still passed (correctly?) to the associated application.

This adds an extra dimension to the impact?  What if the "scan" is
susceptible to a buffer overflow or such? Could even passing harmless text
files become a risk?

Yours sincerely,

Mike Grant.
DISCLAIMER:
The information in this reply is provided "AS IS" without warranty of any
kind.  In no event shall I be liable for any damages whatsoever including
direct, indirect, incidental, consequential, loss of business profits or
special damages.