lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20040325200412.25608.qmail@search.securityfocus.com>
Date: 25 Mar 2004 20:04:12 -0000
From: Andrew Barkley <abarkle3@....com>
To: bugtraq@...urityfocus.com
Subject: UPDATED: MS Word - password protection vulnerabilty




Hi ...


There are several vulnerabilities published/discussed regarding MS Word (MS Office) in general, however, 'tis is the most "no brainer" I've discovered ...


Vulnerability:
Password protected document that has "tracked changes, comments or forms" password protected

Vulnerable:
MS Word (Win2K/XP)


Example 1
1) Open MS Word with a new/blank page
2) Now select "Insert" >> "File" >> browse for your password protected doc & select "Insert" & "Insert" password protected doc into your new/blank doc
3) Now select "Tools" & Whey hey, voila, there's no longer an "Unprotect document" ... password vanished ...

Example 2
1) Open your password protected doc in MS Word i.e. you can't edit protected fields (apparently)
2) Save as a Rich Text Format (RTF) & keep this RTF file open in MS Word (YES, keep open)
3) Whilst your new RTF file is open in MS Word, go "File Open" & find your newly saved RTF file & open (YES, you DO need to do 'tis even though you already have it open)
4) If prompted to revert say YES, if not prompted stay calm.  Now in your MS Word menu go & "Unprotect document", amazingly, voila, you don't get prompted for a password


Change password if ya like & or save in whatever format if ya like ...


L0phtphrack ;-/


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ