Security Basics mailing list archives
Re: password protection in office XP documents
From: Brian Eckman <eckman () umn edu>
Date: Tue, 17 Jun 2003 08:51:47 -0500
matt willson wrote:
Common known flaw with microsoft, and their program recognizing by file extension method, is that if you rename a file (by right clicking the file and hititng rename)blah.doc into blah.html then choosing the program to open it up with, you have got a bypass.
I just tried this with fully-patched Microsoft Word from Office XP. I renamed a test.doc to test.html. I then opened it with Word and the document protection for changes was still enabled.
This is because of their "recognizing by file extension method", and isn't really a "flaw". Their "recognizing by file extension method" actually *prevented* the bypass, not caused it.
I then opened the file with Internet Explorer and it was a bunch of garbage. Am I missing something? Brian -- Brian Eckman Security Analyst OIT Security and Assurance University of Minnesota 612-626-7737 "There are 10 types of people in this world. Those who understand binary and those who don't." --------------------------------------------------------------------------- Evaluating SSL VPNs' Consider NEOTERIS, chosen as leader by top analysts! The Gartner Group just put Neoteris in the top of its Magic Quadrant, while InStat has confirmed Neoteris as the leader in marketshare.Find out why, and see how you can get plug-n-play secure remote access in
about an hour, with no client, server changes, or ongoing maintenance.Visit us at: http://www.neoteris.com/promos/sf-6-9.htm
----------------------------------------------------------------------------
Current thread:
- Re: password protection in office XP documents, (continued)
- Re: password protection in office XP documents Brian Eckman (Jun 17)
- Re: password protection in office XP documents Leif Gregory (Jun 17)
- Re: password protection in office XP documents Brian Eckman (Jun 17)
- RE: password protection in office XP documents security (Jun 18)
- Re: password protection in office XP documents Brian Eckman (Jun 18)
- RE: password protection in office XP documents security (Jun 18)
- RE: password protection in office XP documents matt willson (Jun 16)
- RE: password protection in office XP documents news.ajanas (Jun 17)
- Re: password protection in office XP documents Leif Gregory (Jun 17)
- Re: password protection in office XP documents Brian Eckman (Jun 17)
- Re: password protection in office XP documents Leif Gregory (Jun 17)
- RE: password protection in office XP documents Tim Laureska (Jun 17)
- RE: password protection in office XP documents Chad M. (Jun 17)