ms office file extensions

Question

I made a discovery some time back. Just follow these steps:

Create a .doc/.xls/.ppt file in office 2003. Keep some test data in there and close the file. Now rename the file to change it's file extension to a random string, taking care that it is unassociated, like test.asdfghjkl etc. Double click the file and it opens seamlessly in the parent application.

Now AFAIK, windows checks the file extension of the file and uses it to do an action, viz open an application and pass the file to it to open. Then how does the office suite manage to do this?

EDIT: How about the case when the extension is changed to one that is associated with another application. Is there a priority algorithm in place for handling that ?

Answer 1

Do you have the "View extensions for known types" option on?

EDIT: @Comments.... Yes, its a stupid/insulting question, but when troubleshooting a problem I have learned to assume nothing, and trust the users 0%.

BUT, I tried it, and you're right. Its stupid that MS has this kind of behavior, and it can only lead to security vulnerabilities, which led me on a search for your answer.

From the posts at http://seclists.org/fulldisclosure/2007/Jan/0444.html

"You have stumbled on an age-old quirky behavior of Windows. Office document formats are based on a standard Windows container format, OLE structured storage files, also known as "docfiles". A docfile's name and extension are irrelevant - the file is, conceptually, a serialization of an OLE object, and like all serialization formats it contains the identifier of the application that produced it, in the form of an OLE class id (in GUID format) in this case. You can easily verify that it doesn't work with the newer Office XML formats"

Indeed it doesnt work for the 2007 *X file types, but 2K3 is still a problem. To solve this problem... Upgrade! =)

And here at security focus under TOC point 2.

So, there you go.