RE: Microsoft Word Protection Bypass

["Christian King" <cking () procuri com>]

Quick HOWTO:

1.  Open the protected document in Word
2.  File / Save As (XML Document)
3.  Open XML Document, look for <w:documentProtection w:edit="read-only"
w:enforcement="on" w:unprotectPassword="xxxxxxx"/>  The
"unprotectPassword" will be a hex byte string.
4.  Open the .doc in your favorite hex editor, and search for the hex
string in the reverse order, i.e. if the unprotectPassword says "1F C6
CB EB" you would be searching for "EB CB C6 1F" .. when you find this
string simply zero them out and save the document (I suggest saving as a
copy obviously).   Once you open the document again you should be able
to just click "Tools / Unprotect Document" and it will not even prompt
for a password.

-Chris

-----Original Message-----
From: Dave.Collins () tetratech com [mailto:Dave.Collins () tetratech com] 
Sent: Wednesday, July 06, 2005 4:11 PM
To: bugtraq () securityfocus com
Subject: Re: Microsoft Word Protection Bypass

Where can I find the "how to" to get around the password protection?  I
have a form that I need to modify, but whoever created it is no longer
with the company and as a result, the password is "gone"

Many Thanks