[ISN] Old Microsoft bug may cause data leaks

From: InfoSec News (isnat_private)
Date: Tue May 07 2002 - 23:14:23 PDT

Next message: InfoSec News: "[ISN] EDS bans IM"

Previous message: InfoSec News: "[ISN] Attack on infrastructure"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

http://news.com.com/2100-1023-901112.html?tag=fd_top

By Bruce Simpson 
Special to CNET News.com
May 7, 2002, 10:20 AM PT

A security hole affecting old copies of some Microsoft Office
applications may have left a legacy of data leaks with the potential
to reveal sensitive information and weaken security on government and
commercial Web sites around the world.

The Google search engine reports that there are over half a million
Microsoft Word .doc files available for download from various Web
sites. Of these, a small but significant percentage have been created
using versions of the software known to create "leaky" documents.

First discovered in 1998, the bug causes random fragments of data from
previously deleted files to be included in areas of a document that
are otherwise unused. This random data can contain anything that might
have once been stored on the creator's computer, including passwords,
sections of other documents and correspondence.

Anyone downloading affected documents and browsing them with a hex
editor--a program that allows a user to look at code--can easily view
this extra information, although it otherwise remains invisible.

The applications responsible for producing these potentially leaky
documents were Microsoft Word 6.0 and 7.0, plus version 7.0 of
PowerPoint and Excel. Although a patch was quickly released to plug
the hole, documents created before the patch was applied, and not
subsequently edited, may still contain the unexpected snippets of
sensitive data.

U.S. government Web sites also appear vulnerable to these potential
leaks, with some 240,000 Word documents and 32,000 PowerPoint files
listed by Google under the .gov domain. A small sampling indicates
that up to 5 percent of these documents may have been created with the
buggy versions of the software.

The problem appears to be a global one, although it is more pronounced
in areas where the Net was in common use before the flaw was
uncovered. Potentially leaky documents have been discovered on the
government Web sites of a number of other countries, including Canada,
France, Australia and New Zealand.

ZDNet Australia's Bruce Simpson reported from Sydney.



-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomoat_private with 'unsubscribe isn'
in the BODY of the mail.

Next message: InfoSec News: "[ISN] EDS bans IM"
Previous message: InfoSec News: "[ISN] Attack on infrastructure"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Wed May 08 2002 - 02:53:33 PDT