Security Basics mailing list archives

Previous By Date Next
Previous By Thread Next

Re: password protection in office XP documents

From: Brian Eckman <eckman () umn edu>
Date: Tue, 17 Jun 2003 08:51:47 -0500
matt willson wrote:

Common known flaw with microsoft, and their program recognizing by file
extension method, is that if you rename a file (by right clicking the
file and hititng rename)blah.doc into blah.html then choosing the
program to open it up with, you have got a bypass.
I just tried this with fully-patched Microsoft Word from Office XP. I renamed a test.doc to test.html. I then opened it with Word and the document protection for changes was still enabled.
This is because of their "recognizing by file extension method", and isn't really a "flaw". Their "recognizing by file extension method" actually *prevented* the bypass, not caused it. 

I then opened the file with Internet Explorer and it was a bunch of garbage.

Am I missing something?

Brian

--
Brian Eckman
Security Analyst
OIT Security and Assurance
University of Minnesota
612-626-7737

"There are 10 types of people in this world. Those who
understand binary and those who don't."


---------------------------------------------------------------------------
Evaluating SSL VPNs' Consider NEOTERIS, chosen as leader by top analysts!
The Gartner Group just put Neoteris in the top of its Magic Quadrant,
while InStat has confirmed Neoteris as the leader in marketshare.
Find out why, and see how you can get plug-n-play secure remote access in 
about an hour, with no client, server changes, or ongoing maintenance.
Visit us at: http://www.neoteris.com/promos/sf-6-9.htm 
----------------------------------------------------------------------------
Previous By Date Next
Previous By Thread Next

Current thread: