|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Subject: Re: Microsoft Word documents that "phone" home
From: Crooks, James (james.crooks
CA.PWCGLOBAL.COM)Date: Wed Aug 30 2000 - 19:03:55 CDT
- Next message: Peter W: "Re: Helix Code Security Advisory - go-gnome pre-installer"
- Previous message: Cy Schubert - ITSD Open Systems Group: "Re: Advisory: mgetty local compromise"
- Maybe in reply to: Richard M. Smith: "Microsoft Word documents that "phone" home"
- Next in thread: Charles Sprickman: "Re: Microsoft Word documents that "phone" home"
- Next in thread: James Hoagland: "Re: Microsoft Word documents that "phone" home"
- Maybe reply: Crooks, James: "Re: Microsoft Word documents that "phone" home"
- Reply: Charles Sprickman: "Re: Microsoft Word documents that "phone" home"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
exploit also affects .rtf files in MS Word 97 (URL in .rtf: gets ignored in MS
WordPad, gets error message in Lotus Word Pro 97) - I'm getting someone to
verify operation of Word in MS Office 2000...
/jc
"Richard M. Smith" <rmsPRIVACYFOUNDATION.ORG> on 08/30/2000 07:52:51 AM
Please respond to "Richard M. Smith" <rmsPRIVACYFOUNDATION.ORG>
To: BUGTRAQSECURITYFOCUS.COM
cc:
Subject: [BUGTRAQ] Microsoft Word documents that "phone" home
Hi,
The Privacy Foundation has just released an advisory
on an issue that we discovered earlier this month
in Microsoft Word. We found that it is possible to
embedded "Web bugs" in Word documents. The Web bugs
allow the author of a document to track via the Internet
where a document is being read. The trick could be used
to monitor leaks of confidential documents from a
organization to outsiders as well as detecting
copyright violations. In addition, it is also
possible to place Web bugs in individual paragraphs
and detect when the text is copied from one Word
document to another.
The complete advisory is available at the Foundation's
Web site:
http://www.privacyfoundation.org/advisories/advWordBugs.html
A demonstration "bugged" document for Word 97 and Word 2000
has been set up at:
http://www.privacycenter.du.edu/demos/bugged.doc
We also found that Excel 2000 spreadsheet files and
PowerPoint 2000 slideshows can be "bugged" in the same
manner.
Richard
================================================
Richard M. Smith
Chief Technology Officer
Privacy Foundation
Email: rmsprivacyfoundation.org
http://www.privacyfoundation.org
================================================
----------------------------------------------------------------
The information transmitted is intended only for the person or entity to which
it is addressed and may contain confidential and/or privileged material. Any
review, retransmission, dissemination or other use of, or taking of any action
in reliance upon, this information by persons or entities other than the
intended recipient is prohibited. If you received this in error, please
contact the sender and delete the material from any computer.
- Next message: Peter W: "Re: Helix Code Security Advisory - go-gnome pre-installer"
- Previous message: Cy Schubert - ITSD Open Systems Group: "Re: Advisory: mgetty local compromise"
- Maybe in reply to: Richard M. Smith: "Microsoft Word documents that "phone" home"
- Next in thread: Charles Sprickman: "Re: Microsoft Word documents that "phone" home"
- Next in thread: James Hoagland: "Re: Microsoft Word documents that "phone" home"
- Maybe reply: Crooks, James: "Re: Microsoft Word documents that "phone" home"
- Reply: Charles Sprickman: "Re: Microsoft Word documents that "phone" home"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]