Outlook’s habits is totally different for numerous kinds of hyperlinks. For instance, for hyperlinks that begin with http:// or https://, the e-mail consumer will ship the hyperlink to the default browser put in on the working system. Nonetheless, if an e mail contains hyperlinks for different protocol handlers, for instance skype:, the e-mail consumer will show a warning that the hyperlink is perhaps unsafe earlier than permitting the consumer to proceed and ahead the request to the domestically put in Skype software, which is the registered protocol handler for skype: hyperlinks.
One other frequent hyperlink protocol is file:// which might usually name an exterior software to render the file relying on its format. Nonetheless, Microsoft has deliberately put a restriction in place to not enable the opening of distant file hyperlinks — for instance, recordsdata hosted on a distant community share probably over the web.
Nonetheless, the Examine Level researchers discovered that this restriction might be bypassed by including the character “!” adopted by a random string on the finish of the URL. For instance, file:///10.10.111.111testtest.rtf wouldn’t work, however file:///10.10.111.111testtest.rtf!one thing would work and the file can be handed to Microsoft Phrase, which is the registered handler for the .rtf file extension.
The rationale this works is as a result of the !one thing half makes Outlook deal with the hyperlink as a Moniker Hyperlink within the context of the Element Object Mannequin (“COM”) on Home windows the place the half after ! is used to lookup a COM object. The Element Object Mannequin is a binary interface by which totally different software program elements can talk with one another. Courting again to 1993 it has served as the inspiration for various applied sciences similar to ActiveX or Microsoft Object Linking & Embedding (OLE).
In essence, Outlook strips the file:// protocol handler and parses the hyperlink utilizing the “ole32!MkParseDisplayName()” API. This in flip treats it as a compound moniker: a FileMoniker being 10.10.111.111testtest.rtf and an ItemMoniker being “one thing.”
As a result of the FileMoniker has the extension .rtf, the API will name a COM server that handles that extension, which occurs to be Microsoft Phrase, which runs as a COM server within the background with out the GUI. When receiving the request, Phrase opens the distant file after which tries to lookup a COM object for the ItemMoniker “one thing.”
