Windows File Extension Bug Poses Threat

Bug hunter Georgi Guninski has uncovered yet another security flaw that a malicious user can take advantage of to do harm to a Microsoft Windows system. This exploit entails the use of a CLSID appended onto an apparently innocuous file, opening the door for an end-user to execute a script or executable unknowingly. The CLSID is not displayed in Windows Explorer or IE, and gives the impression that the file in question is safe to open. The extension would be no cause for alarm unlike '.gif.vbs', for example.



Windows does recognize the file according to the CLSID, and will even display the ID string in more detailed views. However, at first glance the only protection from this exploit is to take notice of the icon associated with the file.


A CLSID is a number assigned to a COM object to uniquely identify it to Windows. The OS also is instructed to perform functions based upon a file's assigned ID. This enables the destructive code to have access to the Windows registry, MS Office Applications through OLE automation, delete files, and overall will create a situation conducive to chaos. A system can be disabled, applications can be damaged, and the illicit code can even create a new Administrator account.

Microsoft has stated it is investigating the issue, but had not released an official statement by press time. The only workaround at this time is to double check files before you execute them.

For more information visit, http://www.guninski.com/clsidext.html.

32 Responses to Windows File Extension Bug Poses Threat

© 1998-2024 BetaNews, Inc. All Rights Reserved. Privacy Policy - Cookie Policy.