Bugtraq mailing list archives
Microsoft Office security bug
From: aleph1 () DFW NET (Aleph One)
Date: Fri, 7 Nov 1997 10:02:24 -0600
---------- Forwarded message ---------- Date: Fri, 07 Nov 1997 08:32:21 -0600 From: lustiger () att com To: lustiger () att com Newsgroups: comp.security.misc, alt.security Subject: Microsoft Office security bug (First posting didn't get out, sorry if repeated.) I discovered what looks like a major hole in Microsoft Office (95 and 97) passworded files. While the files are encrypted (and I know that the Office 95 file encryption is laughably weak), *the file attachments are not.* So if you attach a Visio picture or Excel spreadsheet to a passworded Word file, they are saved in the clear. Any ASCII file viewer can be used to easily verify this. Needless to say, one can get a lot of information from attachments. This problem exists for both Word and Excel, 95 and 97. I e-mailed to secure () microsoft com and never received a reply besides the boilerplate "if we consider this a security problem we'll contact you within one business day, otherwise call support." So if you really want to safeguard your MS Office files, use a third-party encryption package. -- Alan Lustiger lustiger () att com These are my opinions only, not AT&T's. AT&T is not responsible for this posting. -------------------==== Posted via Deja News ====----------------------- http://www.dejanews.com/ Search, Read, Post to Usenet
Current thread:
- Sidenote of Pentium Bugs, (continued)
- Sidenote of Pentium Bugs Dave (Nov 07)
- Security bug in iCat Suite version 3.0 Mikael Johansson (Nov 08)
- Re: Intel Pentium Bug JoelKatz (Nov 07)
- Re: Intel Pentium Bug Joe Ilacqua (Nov 07)
- Re: Intel Pentium Bug Rubens Kuhl Jr. (Nov 07)
- Re: Intel Pentium Bug Ralf Baechle (Nov 10)
- Re: Intel Pentium Bug Barry Irwin (Nov 08)
- Re: Intel Pentium Bug Bjorn Wesen (Nov 08)
- Re: Intel Pentium Bug Peter Bierman (Nov 08)
- Re: Intel Pentium Bug Aleph One (Nov 08)
- Microsoft Office security bug Aleph One (Nov 07)
- Re: Microsoft Office security bug Inigo Gonzalez (Nov 11)
- What were the opcodes to hang a Pentium again? (fwd) Darren Reed (Nov 11)
- Re: Microsoft Office security bug Aleph One (Nov 11)
- Vunerability in Lizards game SUID (Nov 11)
- Re: Vunerability in Lizards game Alex Murray (Nov 12)
- Re: Vunerability in Lizards game Olaf Titz (Nov 13)
- Re: Vunerability in Lizards game Kragen \ (Nov 13)
- Re: Vunerability in Lizards game Neil Levine (Nov 17)
- Re: Vunerability in Lizards game Joe Zbiciak (Nov 18)
- Re: Vunerability in Lizards game Zoltan Hidvegi (Nov 18)
- Microsoft Office security bug Aleph One (Nov 07)