Message-ID: <000301c41318$ca773790$b600a8c0@technomind.company>
Date: Fri, 26 Mar 2004 10:57:45 +0100
From: s.zdrojewski@...irtualcommunity.net
To: "'Andrew W Barkley'" <abarkle3@....com>,
bugtraq@...urityfocus.com
Subject: R: UPDATED: MS Word - password protection vulnerability
Actually, these problems seem to be solved using SP3 of Office XP, published
in MS04-009.
Cheers
-
> -----Original Message-----
> From: Andrew W Barkley [mailto:abarkle3@....com]
> Sent: Thursday, 25 March 2004 20:09
> To: bugtraq@...urityfocus.com
> Subject: UPDATED: MS Word - password protection vulnerability
> Priority: High
>
> Hi ...
>
>
> There are several vulnerabilities published/discussed regarding MS Word &
> MS Office in general, however, 'tis is the most "no brainer" I've
> discovered ...
>
> Vulnerability:
> Password protected document that has "tracked changes, comments or forms"
> password protected
>
> Vulnerable:
> MS Word (Win2K/XP)
>
>
> Example 1
> 1) Open MS Word with a new/blank page
> 2) Now select "Insert" >> "File" & browse for your password protected doc
> & select "Insert" & "Insert" into your new/blank doc
> 3) Now select Tools >> & Whey hey, voila, there's no longer an "Unprotect
> document" ... password vanished ...
>
> Example 2
> 1) Open your password protected doc in MS Word i.e. you can't edit
> protected fields (apparently)
> 2) Save as a Rich Text Format (RTF) & keep this RTF file open in MS Word
> (YES, keep open)
> 3) Whilst your new RTF file is open in MS Word, go "File Open" & find your
> newly saved RTF file & open (YES, you DO need to do 'tis even though you
> already have it open)
> 4) If prompted to revert say YES, if not prompted stay calm. Now in your
> MS Word menu go & "Unprotect Document", amazingly, voila, you don't get
> prompted for a password
>
>
> Change password if ya like & or save in whatever format if ya like ...
>
>
> L0phtphrack :-/
Sebastian "En3pY" Zdrojewski
IT Development
IT Virtual Community
http://www.itvc.net