Default Operation Performed to Open a Filetype

vendor:

N/A

by:

SecurityFocus

7.5

CVSS

HIGH

CLSID Interpretation Flaw

426

CWE

Product Name: N/A

Affected Version From: N/A

Affected Version To: N/A

Patch Exists: N/A

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2002

Default Operation Performed to Open a Filetype

Due to a flaw in the interpretation of CLSIDs when appended to a filename, it is possible to specify a different default action for a given file than would normally be used. As a result, seemingly harmless files (.txt, .jpg etc) may be opened in a nonstandard, attacker specified manner. For example, a program ('evil.exe') could be renamed 'evil.jpg.{CLSID_of_executables}' and when opened by the target user, this file will be executed instead of opened by their default .jpg viewer.

Mitigation:

Ensure that the CLSIDs are properly interpreted and that the default action for a given file is the expected one.

Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/2612/info

The default operation performed to open a filetype is determining by referencing the filetype's CLSID. Due to a flaw in the interpretation of CLSIDs when appended to a filename, it is possible to specify a different default action for a given file than would normally be used. As a result, seemingly harmless files (.txt, .jpg etc) may be opened in a nonstandard, attacker specified manner. For example, a program ("evil.exe") could be renamed "evil.jpg.{CLSID_of_executables}" and when opened by the target user, this file will be executed instead of opened by their default .jpg viewer. 

https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/20774.zip