[ISN] Old Microsoft bug may cause data leaks

From: InfoSec News (isnat_private)
Date: Tue May 07 2002 - 23:14:23 PDT

    By Bruce Simpson
    Special to CNET News.com
    May 7, 2002, 10:20 AM PT

    A security hole affecting old copies of some Microsoft Office
    applications may have left a legacy of data leaks with the potential
    to reveal sensitive information and weaken security on government and
    commercial Web sites around the world.

    The Google search engine reports that there are over half a million
    Microsoft Word .doc files available for download from various Web
    sites. Of these, a small but significant percentage have been created
    using versions of the software known to create "leaky" documents.

    First discovered in 1998, the bug causes random fragments of data from
    previously deleted files to be included in areas of a document that
    are otherwise unused. This random data can contain anything that might
    have once been stored on the creator's computer, including passwords,
    sections of other documents and correspondence.

    Anyone downloading affected documents and browsing them with a hex
    editor--a program that allows a user to look at code--can easily view
    this extra information, although it otherwise remains invisible.

    The applications responsible for producing these potentially leaky
    documents were Microsoft Word 6.0 and 7.0, plus version 7.0 of
    PowerPoint and Excel. Although a patch was quickly released to plug
    the hole, documents created before the patch was applied, and not
    subsequently edited, may still contain the unexpected snippets of
    sensitive data.

    U.S. government Web sites also appear vulnerable to these potential
    leaks, with some 240,000 Word documents and 32,000 PowerPoint files
    listed by Google under the .gov domain. A small sampling indicates
    that up to 5 percent of these documents may have been created with the
    buggy versions of the software.

    The problem appears to be a global one, although it is more pronounced
    in areas where the Net was in common use before the flaw was
    uncovered. Potentially leaky documents have been discovered on the
    government Web sites of a number of other countries, including Canada,
    France, Australia and New Zealand.

    ZDNet Australia's Bruce Simpson reported from Sydney.