Legitimate and practical uses for Windows "Magic Bytes" behavior?

Discussion in 'other security issues & news' started by Devinco, Jun 26, 2006.

Thread Status:
Not open for further replies.
  1. Devinco, Registered Member (Joined: Jul 2, 2004; Posts: 2,524)

    Windows "Magic Bytes" behavior is the ability of Windows to open a file based on its contents (of the file header) rather than its extension. So if you rename a .jpg file to have a .gif extension, you can still open and preview it correctly.

    This Magic Bytes behavior also exposes Windows to all sorts of vulnerabilities, from the JPEG vulnerability of old to last year's WMF vulnerability and untold future exploits. All malware authors need do is pick a vulnerable target component and feed it a file header that is malformed enough to cause a buffer overflow in the component which then executes some malicious code.

    So my question is:
    What are legitimate and practical uses for Windows "Magic Bytes" behavior?
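
The behavior described in the post above (a .jpg renamed to .gif still opens as a JPEG) can be audited from the defender's side by comparing each file's extension with its leading bytes. The following is an added example, not part of the thread; the function names and sample headers are constructed for illustration, and the signature table covers only a few common image formats.

```python
import os

# Leading-byte signatures (well-known values) for the formats named in the thread
# plus a few other common image types.
SIGNATURES = [
    (b"\xff\xd8\xff", "jpeg"),
    (b"GIF87a", "gif"),
    (b"GIF89a", "gif"),
    (b"\x89PNG\r\n\x1a\n", "png"),
    (b"BM", "bmp"),
    (b"\xd7\xcd\xc6\x9a", "wmf"),  # placeable WMF header key
]
EXTENSIONS = {".jpg": "jpeg", ".jpeg": "jpeg", ".gif": "gif",
              ".png": "png", ".bmp": "bmp", ".wmf": "wmf"}


def sniff(header):
    """Return the format implied by the leading bytes, or None."""
    for magic, fmt in SIGNATURES:
        if header.startswith(magic):
            return fmt
    return None


def classify(filename, header):
    """Compare what the extension claims with what the content says."""
    claimed = EXTENSIONS.get(os.path.splitext(filename)[1].lower())
    actual = sniff(header)
    if claimed is None:
        return "not-checked"      # extension outside this table
    if actual is None:
        return "unrecognized"     # image extension, no known signature
    return "match" if claimed == actual else "mismatch"


def audit(samples):
    """Return (name, status) for every sample that is not a clean match."""
    results = [(name, classify(name, data)) for name, data in samples]
    return [r for r in results if r[1] != "match"]


# Constructed sample headers (first bytes only), not real files.
SAMPLES = [
    ("holiday.gif", b"\xff\xd8\xff\xe0\x00\x10JFIF\x00"),  # JPEG renamed to .gif
    ("logo.gif", b"GIF89a\x10\x00\x10\x00"),
    ("chart.jpg", b"\xd7\xcd\xc6\x9a\x00\x00"),            # WMF content, .jpg name
    ("notes.jpg", b"plain text"),
]

if __name__ == "__main__":
    for name, status in audit(SAMPLES):
        print(f"{name}: {status}")
```

A mail gateway or upload filter can apply the same comparison and quarantine anything reported as `mismatch` or `unrecognized` before a content-sniffing viewer opens it.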
     
  2. sosaiso, Registered Member (Joined: Nov 12, 2005; Posts: 601)

    Accidental renaming of a file to another file type when you have extensions shown.
     
  3. Devinco, Registered Member (Joined: Jul 2, 2004; Posts: 2,524)

    Hello sosaiso,

    That is really the only thing I could think of as well.
    But you know, this whole behavior is unnecessary because Windows will warn you before you change a file's extension and most all programs that save any type of documents will automatically add the correct file extension.
     