|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Subject: Re: Microsoft Word documents that "phone" home
From: Charles Sprickman (spork
INCH.COM)Date: Thu Aug 31 2000 - 17:05:26 CDT
- Next message: Dan Harkless: "Re: Remote DoS Attack in Eeye Iris 1.01 and SpyNet CaptureNet v3.12 Vulnerability"
- Previous message: Michael Grant: "Re: Serious Microsoft File Association Bug"
- In reply to: Crooks, James: "Re: Microsoft Word documents that "phone" home"
- Next in thread: James Hoagland: "Re: Microsoft Word documents that "phone" home"
- Reply: Charles Sprickman: "Re: Microsoft Word documents that "phone" home"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Is anyone aware of whether or not other applications capable of opening
word docs are vulnerable. Examples would be StarOffice and Applixware...
Thanks,
Charles
On Wed, 30 Aug 2000, Crooks, James wrote:
> exploit also affects .rtf files in MS Word 97 (URL in .rtf: gets ignored in MS
> WordPad, gets error message in Lotus Word Pro 97) - I'm getting someone to
> verify operation of Word in MS Office 2000...
> /jc
>
>
>
>
> "Richard M. Smith" <rmsPRIVACYFOUNDATION.ORG> on 08/30/2000 07:52:51 AM
>
> Please respond to "Richard M. Smith" <rmsPRIVACYFOUNDATION.ORG>
> To: BUGTRAQSECURITYFOCUS.COM
> cc:
> Subject: [BUGTRAQ] Microsoft Word documents that "phone" home
>
>
>
> Hi,
>
> The Privacy Foundation has just released an advisory
> on an issue that we discovered earlier this month
> in Microsoft Word. We found that it is possible to
> embedded "Web bugs" in Word documents. The Web bugs
> allow the author of a document to track via the Internet
> where a document is being read. The trick could be used
> to monitor leaks of confidential documents from a
> organization to outsiders as well as detecting
> copyright violations. In addition, it is also
> possible to place Web bugs in individual paragraphs
> and detect when the text is copied from one Word
> document to another.
>
> The complete advisory is available at the Foundation's
> Web site:
>
> http://www.privacyfoundation.org/advisories/advWordBugs.html
>
> A demonstration "bugged" document for Word 97 and Word 2000
> has been set up at:
>
> http://www.privacycenter.du.edu/demos/bugged.doc
>
> We also found that Excel 2000 spreadsheet files and
> PowerPoint 2000 slideshows can be "bugged" in the same
> manner.
>
> Richard
>
> ================================================
> Richard M. Smith
> Chief Technology Officer
> Privacy Foundation
>
> Email: rmsprivacyfoundation.org
> http://www.privacyfoundation.org
> ================================================
>
>
>
> ----------------------------------------------------------------
> The information transmitted is intended only for the person or entity to which
> it is addressed and may contain confidential and/or privileged material. Any
> review, retransmission, dissemination or other use of, or taking of any action
> in reliance upon, this information by persons or entities other than the
> intended recipient is prohibited. If you received this in error, please
> contact the sender and delete the material from any computer.
>
- Next message: Dan Harkless: "Re: Remote DoS Attack in Eeye Iris 1.01 and SpyNet CaptureNet v3.12 Vulnerability"
- Previous message: Michael Grant: "Re: Serious Microsoft File Association Bug"
- In reply to: Crooks, James: "Re: Microsoft Word documents that "phone" home"
- Next in thread: James Hoagland: "Re: Microsoft Word documents that "phone" home"
- Reply: Charles Sprickman: "Re: Microsoft Word documents that "phone" home"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]