Bugtraq mailing list archives
Re: Microsoft Word documents that "phone" home
From: Charles Sprickman <spork () INCH COM>
Date: Thu, 31 Aug 2000 18:05:26 -0400
Is anyone aware of whether or not other applications capable of opening word docs are vulnerable. Examples would be StarOffice and Applixware... Thanks, Charles On Wed, 30 Aug 2000, Crooks, James wrote:
exploit also affects .rtf files in MS Word 97 (URL in .rtf: gets ignored in MS WordPad, gets error message in Lotus Word Pro 97) - I'm getting someone to verify operation of Word in MS Office 2000... /jc "Richard M. Smith" <rms () PRIVACYFOUNDATION ORG> on 08/30/2000 07:52:51 AM Please respond to "Richard M. Smith" <rms () PRIVACYFOUNDATION ORG> To: BUGTRAQ () SECURITYFOCUS COM cc: Subject: [BUGTRAQ] Microsoft Word documents that "phone" home Hi, The Privacy Foundation has just released an advisory on an issue that we discovered earlier this month in Microsoft Word. We found that it is possible to embedded "Web bugs" in Word documents. The Web bugs allow the author of a document to track via the Internet where a document is being read. The trick could be used to monitor leaks of confidential documents from a organization to outsiders as well as detecting copyright violations. In addition, it is also possible to place Web bugs in individual paragraphs and detect when the text is copied from one Word document to another. The complete advisory is available at the Foundation's Web site: http://www.privacyfoundation.org/advisories/advWordBugs.html A demonstration "bugged" document for Word 97 and Word 2000 has been set up at: http://www.privacycenter.du.edu/demos/bugged.doc We also found that Excel 2000 spreadsheet files and PowerPoint 2000 slideshows can be "bugged" in the same manner. Richard ================================================ Richard M. Smith Chief Technology Officer Privacy Foundation Email: rms () privacyfoundation org http://www.privacyfoundation.org ================================================ ---------------------------------------------------------------- The information transmitted is intended only for the person or entity to which it is addressed and may contain confidential and/or privileged material. Any review, retransmission, dissemination or other use of, or taking of any action in reliance upon, this information by persons or entities other than the intended recipient is prohibited. If you received this in error, please contact the sender and delete the material from any computer.
Current thread:
- Re: Microsoft Word documents that "phone" home Charles Sprickman (Sep 01)
- Message not available
- Re: Microsoft Word documents that "phone" home Peter Ilieve (Sep 02)
- Message not available
- <Possible follow-ups>
- Re: Microsoft Word documents that "phone" home Don Halterman (Sep 01)
- Re: Microsoft Word documents that "phone" home Hal DeVore (Sep 02)
- Re: Microsoft Word documents that "phone" home Rob Slade, doting grandpa of Ryan and Trevor (Sep 01)
- Re: Microsoft Word documents that "phone" home Rex Sanders (Sep 01)
- Re: Microsoft Word documents that "phone" home Kris Kennaway (Sep 01)
- Re: Microsoft Word documents that "phone" home Michael Wojcik (Sep 01)
- Re: Microsoft Word documents that "phone" home Microsoft Security Response Center (Sep 01)
- Re: Microsoft Word documents that "phone" home Terje Bless (Sep 02)
- Re: Microsoft Word documents that "phone" home Brad (Sep 02)