Information Security News mailing list archives

Old Microsoft bug may cause data leaks


From: InfoSec News <isn () c4i org>
Date: Wed, 8 May 2002 01:14:23 -0500 (CDT)

http://news.com.com/2100-1023-901112.html?tag=fd_top

By Bruce Simpson 
Special to CNET News.com
May 7, 2002, 10:20 AM PT

A security hole affecting old copies of some Microsoft Office
applications may have left a legacy of data leaks with the potential
to reveal sensitive information and weaken security on government and
commercial Web sites around the world.

The Google search engine reports that there are over half a million
Microsoft Word .doc files available for download from various Web
sites. Of these, a small but significant percentage have been created
using versions of the software known to create "leaky" documents.

First discovered in 1998, the bug causes random fragments of data from
previously deleted files to be included in areas of a document that
are otherwise unused. This random data can contain anything that might
have once been stored on the creator's computer, including passwords,
sections of other documents and correspondence.

Anyone downloading affected documents and browsing them with a hex
editor--a program that shows a file's raw bytes--can easily view
this extra information, although it otherwise remains invisible.

The applications responsible for producing these potentially leaky
documents were Microsoft Word 6.0 and 7.0, plus version 7.0 of
PowerPoint and Excel. Although a patch was quickly released to plug
the hole, documents created before the patch was applied, and not
subsequently edited, may still contain the unexpected snippets of
sensitive data.

U.S. government Web sites also appear vulnerable to these potential
leaks, with some 240,000 Word documents and 32,000 PowerPoint files
listed by Google under the .gov domain. A small sampling indicates
that up to 5 percent of these documents may have been created with the
buggy versions of the software.

The problem appears to be a global one, although it is more pronounced
in areas where the Net was in common use before the flaw was
uncovered. Potentially leaky documents have been discovered on the
government Web sites of a number of other countries, including Canada,
France, Australia and New Zealand.

ZDNet Australia's Bruce Simpson reported from Sydney.
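
An audit sketch for site owners checking their own published files,
added here as an example and not part of the original article or any
vendor tool. It assumes the files are OLE2 compound documents (the
container Word 6.0/7.0 wrote) and that "otherwise unused" areas means
sectors the file's allocation table marks as free; the function names
and the sample file are constructed for illustration.

```python
import re
import struct

MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")  # OLE2 compound-file signature
FREESECT = 0xFFFFFFFF                      # FAT marker: sector belongs to no stream

def free_sector_residue(data, min_len=6):
    """Return [(sector, file_offset, text)] for printable runs in free sectors."""
    if data[:8] != MAGIC:
        raise ValueError("not an OLE2 compound file")
    size = 1 << struct.unpack_from("<H", data, 30)[0]   # sector size, normally 512
    n_fat = struct.unpack_from("<I", data, 44)[0]       # number of FAT sectors
    # Assumption: every FAT sector is listed in the header's 109 DIFAT slots
    # (small files); chained DIFAT sectors are not followed.
    if n_fat > 109:
        raise ValueError("file too large for this sketch")
    fat = []
    for s in struct.unpack_from("<109I", data, 76)[:n_fat]:
        if (s + 2) * size > len(data):
            raise ValueError("FAT sector outside file")
        fat.extend(struct.unpack_from("<%dI" % (size // 4), data, (s + 1) * size))
    total = len(data) // size - 1          # the header occupies the first sector
    hits = []
    for sec in range(min(total, len(fat))):
        if fat[sec] != FREESECT:
            continue                       # sector is part of a stream or the FAT
        base = (sec + 1) * size
        for m in re.finditer(rb"[\x20-\x7e]{%d,}" % min_len, data[base:base + size]):
            hits.append((sec, base + m.start(), m.group().decode("ascii")))
    return hits

def build_sample():
    """Constructed file: sector 0 = FAT, 1 = in use, 2 = free but holding residue."""
    header = bytearray(512)
    header[:8] = MAGIC
    struct.pack_into("<H", header, 30, 9)  # sector shift 9 -> 512-byte sectors
    struct.pack_into("<I", header, 44, 1)  # one FAT sector
    struct.pack_into("<109I", header, 76, 0, *([FREESECT] * 108))
    fat = struct.pack("<128I", 0xFFFFFFFD, 0xFFFFFFFE, *([FREESECT] * 126))
    in_use = b"Quarterly report text".ljust(512, b"\0")
    free = (b"\0" * 40 + b"To: bob  pw=EXAMPLE-ONLY").ljust(512, b"\0")
    return bytes(header) + fat + in_use + free

if __name__ == "__main__":
    for sector, offset, text in free_sector_residue(build_sample()):
        print("sector %d @ 0x%x: %r" % (sector, offset, text))
```

Any hit means the file should be re-saved with a patched application or
regenerated before publication. Residue inside the unused tail of an
allocated sector is not covered by this check.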


