Förderverein Informationstechnik und Gesellschaft
Office 98 Security Hole: Samples
Microsoft/Compaq Samples Reader Experiences
In researching the long-standing Microsoft Office/OLE security holes, we took a look at some of Microsoft's own Word documents, published on its web site long after the release of its security patch, as well as a Word document posted by Compaq on its web site. These documents, like millions of other MS Office documents, contain extraneous data that may unintentionally reveal sensitive confidential or private information, hidden from view within Word.
A MacInTouch reader who pointed out one of the files wrote:
"You can easily read the name and directory path of the original file, any revisions and who did them with full directory paths (even on the MS server), the directory paths of all attached graphics, and what appears to be a registration numbers and passwords associated with each user that saved the file. With enough documents, you could concievably construct a full directory structure for the entire MS network, and have the machine codes to mimic a computer in the building. Looks like MS has done half of the hacker's work for them... they are a break-in waiting to happen."
In each example below, we show hidden information that is invisible within Word but readily available when the document is opened with a text editor or utility program, such as John Lamb's TextBrowser or Bare Bones Software's BBEdit. We did not do an detailed security analysis of each document, but simply copied out some interesting hidden material. In each case, it is unlikely that the document authors intended to reveal the hidden information in these files, which now are available to millions of people on the Internet, although this information appears far more innocuous than the URLs, source code directories, credit card information and private mail that readers report finding hidden in their Word documents. [...]