[SA10529] Microsoft Word Form Protection Bypass Vulnerability

From: Secunia Security Advisories (sec-adv@secunia.com)
Date: Mon Jan 05 2004 - 09:31:57 CST


TITLE:
Microsoft Word Form Protection Bypass Vulnerability

SECUNIA ADVISORY ID:
SA10529

VERIFY ADVISORY:
http://www.secunia.com/advisories/10529/

CRITICAL:
Not critical

IMPACT:
Manipulation of data

WHERE:
Local system

SOFTWARE:
Microsoft Office XP
Microsoft Office 97
Microsoft Office 2003 Student and Teacher Edition
Microsoft Office 2003 Standard Edition
Microsoft Office 2003 Small Business Edition
Microsoft Office 2003 Professional Edition
Microsoft Office 2000
Microsoft Word 2000
Microsoft Word 2002
Microsoft Word 97

DESCRIPTION:
Thorsten Delbrouck has reported a vulnerability in Microsoft Word,
which can be exploited by malicious people to manipulate protected
documents.

Microsoft Word includes a "form" password protection mechanism to
prevent manipulation of documents. However, it is possible to bypass
this mechanism by clearing the password checksum in the document
(setting it to "0x00000000" with a hex editor).

The original password checksum to search for can be found by saving a
protected document as a ".html" file and then looking at the value in
the "<w:UnprotectPassword>" tag.

SOLUTION:
Don't rely on this feature to protect documents from malicious
tampering.

Microsoft has responded that this feature is meant to protect against
accidental changes only and is not intended to increase security. A
knowledge base article describing this issue is available at:

http://support.microsoft.com/?id=822924
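
Since the form password is not an integrity control, tamper detection has to live outside the document. The sketch below is an added example, not part of the Secunia advisory or of any Microsoft tooling: it reads the "<w:UnprotectPassword>" value from an HTML export and compares the file against an HMAC recorded at release time. The function names, the sample values and the assumption that the tag holds a bare hex string are illustrative.

```python
import hashlib
import hmac
import re

# Tag name is from the advisory; a bare hex string as its content is an assumption.
TAG_RE = re.compile(
    r"<w:UnprotectPassword>\s*([0-9A-Fa-f]+)\s*</w:UnprotectPassword>")

# Constructed sample data, not taken from a real document.
KEY = b"constructed-demo-key"
ORIGINAL = b"constructed stand-in for the released .doc bytes"
EXPORT_OK = "<w:UnprotectPassword>1A2B3C4D</w:UnprotectPassword>"
EXPORT_ZERO = "<w:UnprotectPassword>00000000</w:UnprotectPassword>"


def protection_checksum(html_export):
    """Return the form-protection checksum as an int, or None if absent."""
    match = TAG_RE.search(html_export)
    return int(match.group(1), 16) if match else None


def seal(doc_bytes, key):
    """HMAC-SHA256 over the whole file; store the result outside the document."""
    return hmac.new(key, doc_bytes, hashlib.sha256).hexdigest()


def audit(doc_bytes, html_export, key, expected_seal, expected_checksum):
    """Return a list of findings; an empty list means nothing changed."""
    findings = []
    checksum = protection_checksum(html_export)
    if checksum is None:
        findings.append("no protection checksum present")
    elif checksum == 0:
        # Consistent with the cleared value described in the advisory.
        findings.append("protection checksum is zero")
    elif checksum != expected_checksum:
        findings.append("protection checksum differs from baseline")
    # The keyed digest covers content changes whatever the checksum field says.
    if not hmac.compare_digest(seal(doc_bytes, key), expected_seal):
        findings.append("file content differs from sealed baseline")
    return findings


if __name__ == "__main__":
    baseline = seal(ORIGINAL, KEY)
    print(audit(ORIGINAL + b" edited", EXPORT_ZERO, KEY, baseline, 0x1A2B3C4D))
```

The checksum comparison is only a hint about the protection field; the HMAC comparison is what detects a changed document.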

PROVIDED AND/OR DISCOVERED BY:
Thorsten Delbrouck

----------------------------------------------------------------------

About:
This Advisory was delivered by Secunia as a free service to help
everybody keep their systems up to date against the latest
vulnerabilities.

Subscribe:
http://www.secunia.com/secunia_security_advisories/

Definitions: (Criticality, Where etc.)
http://www.secunia.com/about_secunia_advisories/

Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.

----------------------------------------------------------------------
