[ISN] MS Office Leaks Sensitive Data (the real story)

From: mea culpa (jerichoat_private)
Date: Tue Jun 30 1998 - 01:04:28 PDT

    Forwarded From: Aleph One <aleph1at_private>
    [ This is a wonderful example of the press at work. I was contacted by
      a Wired staff member last week about this story. Sorry, I don't recall
      if it was Chris or someone else. At that time they wanted to talk to
      me and get a quote. They wanted to go to press as soon as possible.
      I told them I was still looking into the matter and asked if he could
      call me back in five minutes. He agreed. I knew I had seen this problem
      before but could not remember where. I looked in the bugtraq archives
      and could find nothing. I probably saw it while I was subscribed to
      cypherpunks a long time ago. In any case, I searched the MS KB and
      found the article talking about the OLE fix. Five minutes later I got
      a call from the same reporter and I explained to him there was a fix
      for the problem available for several months. What's more, the fix had
      been included in the Windows 95 SP1 so most new versions of Win95
      should be safe. After being informed of this the reporter decided he no
      longer had a story and would simply file the information someplace. Now
      it is a few days later and we got this article from Wired. There is no
      mention of the fact that SP1 includes the fix. There is also no mention
      of how long the fix has been out (months). They said they could not
      reach MS in time but I know they have been researching this story for
      days. In any case the problem does not seem to have anything to do with
      RAM but with the way FAT allocated space for files. So much for
      accurate reporting. - a1 ]

       MS Office Leaks Sensitive Data
       by Chris Oakes
       6:15pm  29.Jun.98.PDT

       Microsoft has acknowledged a security vulnerability in its Office
       application suite that can potentially reveal sensitive data residing
       on a user's computer.

       The bug reveals information that resides in a user's RAM and memory
       buffers -- such as user IDs and passwords -- when users save Microsoft
       Word, Excel, and PowerPoint documents. To access the potentially
       sensitive information contained inside a document, a user simply has
       to open the file using a text-editing program such as BBEdit or
       Windows Notepad.

       "I've received numerous emails confirming it in Windows," programmer
       Mike Morton said last week. Morton, of the ecommerce company DXStorm,
       recently reported his own experience with the bug to the BugTraq
       mailing list, which issued an alert last week.

       Microsoft (MSFT) says the bug affects users of Excel 7.0,
       PowerPoint 7.0, and Word 6.0 and 7.0 on the Windows 95 platform. The
       bug may be of particular interest to users who attach Office documents
       in emails, which could reveal the potentially sensitive information to
       all recipients of the attached document.

       Microsoft has released a patch for the bug, which is described as
       an "OLE Update for Windows 95."

       "Due to the way Microsoft Excel, Microsoft PowerPoint, and Microsoft
       Word for Windows use OLE for file storage, documents created in these
       programs may contain extraneous data from previously deleted files,"
       the Microsoft site reads. "This extraneous data is not visible within
       the document and does not affect your ability to use these programs
       normally. However, it is possible that legible portions of previously
       deleted files may be viewable if you examine these document files
       using Notepad or file-utility software."

       The situation could pose security and privacy concerns when these
       documents are handled electronically, the alert says.

       The type of information revealed in Office documents could include the
       text of telnet sessions when user IDs and passwords are entered to
       access remote services, the contents of disk directory paths, and the
       URLs of visited Web sites. So far, Morton said he hasn't discovered
       common textual information, such as email content or other sensitive
       communications. But he doesn't rule that out, either.

       Morton said that in analyzing some of the information contained in his
       company's documents, the information found there -- even in new
       documents -- looks to be as much as a month old. This suggests that
       the filler data may even be taken from dormant sections of the hard
       disk. But mostly he's seen evidence that it comes from memory spaces.

       "It looks like [Word] uses a chunk of buffer or RAM memory just to
       fill out the minimum-size requirements of the document," Morton said.
       "So pretty much anything that's residing in your memory it's grabbing
       it and dumping it into the document."

       Morton said his company will suspend using Microsoft applications to
       provide materials to its customers until it has resolved the problem.

       The bug does not affect Microsoft Windows NT users, but does affect
       Word 98 for the MacOS, and no patch for that has been made available.

       Microsoft could not be reached for comment in time for this story.

    Subscribe: mail majordomoat_private with "subscribe isn".
    Today's ISN Sponsor: Repent Security Incorporated [www.repsec.com]
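
An added example, not part of the original post or of Microsoft's advisory: a pre-send audit that lists readable text sitting in sectors of an OLE2 compound file that the file's own allocation table marks as unused. The message does not say where in the file the residue sits, so scanning free sectors only (and not slack inside allocated streams) is an assumption, and `build_sample` produces a constructed file with constructed residue.

```python
import re
import struct

MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")  # OLE2 compound-file signature
FREESECT = 0xFFFFFFFF                      # FAT entry: sector belongs to no stream

def free_sector_strings(data, min_len=6):
    """Return (sector, text) for printable runs found in unallocated sectors."""
    if data[:8] != MAGIC:
        raise ValueError("not an OLE2 compound file")
    shift = struct.unpack_from("<H", data, 30)[0]   # 9 means 512-byte sectors
    if shift not in (9, 12):
        raise ValueError("unexpected sector shift")
    size = 1 << shift
    n_fat = struct.unpack_from("<I", data, 44)[0]
    # The header lists the first 109 FAT sectors. Larger files chain further
    # FAT locations through DIFAT sectors, which this example does not follow.
    fat = []
    for sect in struct.unpack_from("<109I", data, 76)[:n_fat]:
        if sect >= 0xFFFFFFFC:                      # reserved marker, not a location
            continue
        chunk = data[(sect + 1) * size:(sect + 2) * size]
        fat.extend(struct.unpack("<%dI" % (len(chunk) // 4), chunk[:len(chunk) // 4 * 4]))
    total = (len(data) + size - 1) // size - 1      # sectors present after the header
    printable = re.compile(rb"[\x20-\x7e]{%d,}" % min_len)
    found = []
    for idx in range(min(len(fat), total)):
        if fat[idx] == FREESECT:
            body = data[(idx + 1) * size:(idx + 2) * size]
            found += [(idx, m.group().decode("ascii")) for m in printable.finditer(body)]
    return found

def build_sample():
    """Constructed file: FAT sector, empty directory, one free sector with residue."""
    header = bytearray(512)
    header[:8] = MAGIC
    struct.pack_into("<HHHH", header, 24, 0x3E, 3, 0xFFFE, 9)    # versions, byte order, shift
    struct.pack_into("<II", header, 44, 1, 1)                    # 1 FAT sector; directory at 1
    struct.pack_into("<109I", header, 76, 0, *[FREESECT] * 108)  # FAT lives in sector 0
    fat = struct.pack("<128I", 0xFFFFFFFD, 0xFFFFFFFE, *[FREESECT] * 126)
    stale = b"login: alice\r\npassword: (constructed)".ljust(512, b"\x00")
    return bytes(header) + fat + bytes(512) + stale

if __name__ == "__main__":
    for sector, text in free_sector_strings(build_sample()):
        print(f"free sector {sector}: {text!r}")
```

An empty result covers only the free sectors reachable through the header's FAT list; it does not show that allocated streams are free of leftover bytes.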
