| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 25 Mar 2004 19:09:10 +0000 From: Andrew W Barkley <abarkle3@....com> To: bugtraq@...urityfocus.com Subject: UPDATED: MS Word - password protection vulnerabilty Hi ... There are several vulnerabilities published/discussed regarding MS Word & MS Office in general, however, 'tis is the most "no brainer" I've discovered ... Vulnerability: Password protected document that has "tracked changes, comments or forms" password protected Vulerable: MS Word (Win2K/XP) Example 1 1) Open MS Word with a new/blank page 2) Now select "Insert" >> "File" & browse for your password protected doc & select "Insert" & "Insert" into your new/blank doc 3) Now select Tools >> & Whey hey, voila, there's no longer an "Unprotect document" ... password vanished ... Example 2 1) Open your password protected doc in MS Word i.e. you can't edit protected fields (apparently) 2) Save as a Rich Text Format (RTF) & keep this RTF file open in MS Word (YES, keep open) 3) Whilst your new RTF file is open in MS Word, go "File Open" & find your newly saved RTF file & open (YES, you DO need to do 'tis even though you already have it open) 4) If prompted to revert say YES, if not prompted stay calm. Now in your MS Word menu go & "Unprotect Document", amazingly, voila, you don't get prompted for a password Change password if ya like & or save in whatever format if ya like ... L0phtphrack :-/
Powered by blists - more mailing lists