简体繁体 English

ms office文件扩展名

[英]ms office file extensions

原文 2008-11-10 17:00:45 0 2 ms-office/ file-association

I made a discovery some time back. 我回忆起了一段时间。 Just follow these steps: 只需按以下步骤操作：

Create a .doc/.xls/.ppt file in office 2003. Keep some test data in there and close the file. 在office 2003中创建一个.doc / .xls / .ppt文件。在那里保留一些测试数据并关闭文件。 Now rename the file to change it's file extension to a random string, taking care that it is unassociated, like test.asdfghjkl etc. Double click the file and it opens seamlessly in the parent application. 现在重命名该文件，将其文件扩展名更改为随机字符串，注意它是无关联的，如test.asdfghjkl等。双击该文件，它在父应用程序中无缝打开。

Now AFAIK, windows checks the file extension of the file and uses it to do an action, viz open an application and pass the file to it to open. 现在AFAIK，windows检查文件的文件扩展名并使用它来执行操作，即打开一个应用程序并将文件传递给它打开。 Then how does the office suite manage to do this? 那么办公套件如何设法做到这一点？

EDIT: How about the case when the extension is changed to one that is associated with another application. 编辑：扩展名更改为与另一个应用程序关联的扩展名的情况如何。 Is there a priority algorithm in place for handling that ? 是否有适当的优先级算法来处理？

2 个解决方案

Do you have the "View extensions for known types" option on? 您是否拥有“查看已知类型的扩展名”选项？

EDIT: @Comments.... Yes, its a stupid/insulting question, but when troubleshooting a problem I have learned to assume nothing, and trust the users 0%. 编辑：@Comments ....是的，这是一个愚蠢/侮辱性的问题，但在解决问题时，我学会了什么都不做，并且信任用户0％。

BUT, I tried it, and you're right. 但是，我试过了，你是对的。 Its stupid that MS has this kind of behavior, and it can only lead to security vulnerabilities, which led me on a search for your answer. 愚蠢的是MS有这种行为，它只能导致安全漏洞，这导致我寻找你的答案。

From the posts at http://seclists.org/fulldisclosure/2007/Jan/0444.html 来自http://seclists.org/fulldisclosure/2007/Jan/0444.html上的帖子

"You have stumbled on an age-old quirky behavior of Windows. Office document formats are based on a standard Windows container format, OLE structured storage files, also known as "docfiles". A docfile's name and extension are irrelevant - the file is, conceptually, a serialization of an OLE object, and like all serialization formats it contains the identifier of the application that produced it, in the form of an OLE class id (in GUID format) in this case. You can easily verify that it doesn't work with the newer Office XML formats" “你偶然发现了Windows的古老古怪行为.Office文档格式基于标准的Windows容器格式，OLE结构化存储文件，也称为”docfiles“。文件文件的名称和扩展名无关紧要 - 文件是，从概念上讲，OLE对象的序列化，以及所有序列化格式，它包含生成它的应用程序的标识符，在这种情况下以OLE类ID（GUID格式）的形式。您可以轻松验证它没有'使用较新的Office XML格式“

Indeed it doesnt work for the 2007 *X file types, but 2K3 is still a problem. 事实上，它不适用于2007 * X文件类型，但2K3仍然是一个问题。 To solve this problem... Upgrade! 解决这个问题...升级！ =) =）

And here at security focus under TOC point 2. 在TOC第2点的安全焦点处。

So, there you go. 所以，你去吧。

I can't seem to make this happen now, but I know I saw Windows reading XML processing instructions a few years back. 我现在似乎无法实现这一点，但我知道几年前我看到Windows阅读XML处理指令。 Maybe that is what's going on? 也许那是怎么回事？