Results 1 to 11 of 11

Thread: Has anyone heard of this MS Word vulnerability

  1. #1
    Bruce Meyer
    Guest

    Has anyone heard of this MS Word vulnerability

    Whikle trying to determine the source of a leak, one of my colleagues
    said he thought he had read of the following:

    If I create an MS Word Document, and save it. Then later open it back
    up and delete a specific paragraph prior to publishing that document
    on a web site, a user with a tool designed for this, can recover the
    deleted text as it is actually still inside that document.

    I had never heard of this.

    Can anyone verify if this is correct, and if so, how to go about
    viewing that deleted paragraph to prove to others that yes, this could
    be how info is being extracted from published documents?

    Thanks either way,
    Bruce D. Meyer

  2. #2
    Leythos
    Guest

    Re: Has anyone heard of this MS Word vulnerability

    In article <f46878ca-c024-425f-aa93-3a35737b7222
    @l42g2000hsc.googlegroups.com>, bdmeyersc@gmail.com says...
    > If I create an MS Word Document, and save it. Then later open it back
    > up and delete a specific paragraph prior to publishing that document
    > on a web site, a user with a tool designed for this, can recover the
    > deleted text as it is actually still inside that document.


    While not exactly as you state, unless you SAVE AS the file will contain
    edits and other pieces that you've removed - this has been known for
    YEARS.

    Always publish documents to PDF so that you don't have to worry about
    it.

    If you are going to publish text from a word document, do just that,
    publish the text.

    If you want to make the document downloadable, but they don't need to
    edit it, your only safe method is to convert to PDF and digitally sign
    the document.

    --
    - Igitur qui desiderat pacem, praeparet bellum.
    - Calling an illegal alien an "undocumented worker" is like calling a
    drug dealer an "unlicensed pharmacist"
    spam999free@rrohio.com (remove 999 for proper email address)

  3. #3
    Arthur T.
    Guest

    Re: Has anyone heard of this MS Word vulnerability

    In
    Message-ID:<f46878ca-c024-425f-aa93-3a35737b7222@l42g2000hsc.googlegroups.com>,
    Bruce Meyer <bdmeyersc@gmail.com> wrote:

    >If I create an MS Word Document, and save it. Then later open it back
    >up and delete a specific paragraph prior to publishing that document
    >on a web site, a user with a tool designed for this, can recover the
    >deleted text as it is actually still inside that document.
    >
    >I had never heard of this.
    >
    >Can anyone verify if this is correct, and if so, how to go about
    >viewing that deleted paragraph to prove to others that yes, this could
    >be how info is being extracted from published documents?


    There are a lot of examples of this that have been in the
    news. And, it's not just deleted text; sometimes the metadata
    (properties) can leak data.

    M$ has a free download, the "remove hidden data" tool, for
    Office. Get it and use it.

    I was going to tell you how to view the hidden data, but I
    find I'm uncomfortable stating even this minor bit of cracking
    info in a public forum. I *will* say that it's dead simple.

    One of the 3-letter agencies has a policy that the only way
    they'll make a document available electronically is to print it,
    scan it, and make the scan available.

    --
    Arthur T. - ar23hur "at" intergate "dot" com
    Looking for a z/OS (IBM mainframe) systems programmer position

  4. #4
    Jim Watt
    Guest

    Re: Has anyone heard of this MS Word vulnerability

    On Tue, 3 Jun 2008 06:40:51 -0700 (PDT), Bruce Meyer
    <bdmeyersc@gmail.com> wrote:

    >Whikle trying to determine the source of a leak, one of my colleagues
    >said he thought he had read of the following:
    >
    >If I create an MS Word Document, and save it. Then later open it back
    >up and delete a specific paragraph prior to publishing that document
    >on a web site, a user with a tool designed for this, can recover the
    >deleted text as it is actually still inside that document.
    >
    >I had never heard of this.
    >
    >Can anyone verify if this is correct, and if so, how to go about
    >viewing that deleted paragraph to prove to others that yes, this could
    >be how info is being extracted from published documents?
    >
    >Thanks either way,
    > Bruce D. Meyer


    Its old news, and along with macro virus's a reason
    why publishing word documents on the Internet is
    unwise.

    I believe .rtf's are generally safe.
    --
    Jim Watt
    http://www.gibnet.com

  5. #5
    Moe Trin
    Guest

    Re: Has anyone heard of this MS Word vulnerability

    On Tue, 3 Jun 2008, in the Usenet newsgroup alt.computer.security, in article
    <f46878ca-c024-425f-aa93-3a35737b7222@l42g2000hsc.googlegroups.com>, Bruce
    Meyer wrote:

    NOTE: Posting from groups.google.com (or some web-forums) dramatically
    reduces the chance of your post being seen. Find a real news server.

    >Whikle trying to determine the source of a leak, one of my colleagues
    >said he thought he had read of the following:
    >
    >If I create an MS Word Document, and save it. Then later open it back
    >up and delete a specific paragraph prior to publishing that document
    >on a web site, a user with a tool designed for this, can recover the
    >deleted text as it is actually still inside that document.


    Yeah, that has been a "feature" of MS Word for at least 18 years,
    probably as long as MS Word has existed (~25 years).

    >I had never heard of this.


    Well, you're posting from a search engine - did you ever think to use
    it for the purpose it was originally created for (other than providing
    targeted advertising that is). Even the wonkypedia discusses the
    problem. "comp.risks" is a Usenet newsgroup that mirrors the Risks
    Digest from the ACM. If you were to search for keywords like 'redact'
    'delete' and 'Microsoft Word' (or MS Word)
    in the last three years, you should get at least a dozen hits. It's
    been used by law enforcement to catch criminals with some regularity.
    You'd think people might learn, but that means reading a manual, and
    that's way to hard.

    >Can anyone verify if this is correct, and if so, how to go about
    >viewing that deleted paragraph to prove to others that yes, this could
    >be how info is being extracted from published documents?


    You mention the word "leak" above, and are posting from a South Carolina
    state address block. Rather than tell you, and have you contaminate the
    evidence because you don't know what you are doing, contact your designated
    law enforcement agency. Yes, the method is trivial, and many how it's
    done. The so-called tool is ordinary software found on most computers.

    Old guy

  6. #6
    Moe Trin
    Guest

    Re: Has anyone heard of this MS Word vulnerability

    On Tue, 3 Jun 2008, in the Usenet newsgroup alt.computer.security, in article
    <MPG.22af15f9d002e21d9898b9@adfree.usenet.com>, Leythos wrote:

    >While not exactly as you state, unless you SAVE AS the file will contain
    >edits and other pieces that you've removed - this has been known for
    >YEARS.


    I'm amazed that that "feature" is still here, what - twentyfive years
    after MS-Word 1.0. I mean it's not as if we're still running on a
    4.77 MHz 8088 using floppy drives as mass storage.

    >Always publish documents to PDF so that you don't have to worry about
    >it.


    Owww, maybe _you_ want to spend some time with a search engine - the
    Usenet newsgroup comp.risks would be nice, and search for the keyword
    'redact' - which will bring up issue 24.14 through 24.17 (1Q2006)

    PDF documents can leak image data (Geoff Kuenning)

    NSA on redacting Word and PDF documents (dmagda)
    NSA explains how to redact documents electronically (Steven M. Bellovin)

    Re: "NSA on redacting Word and PDF documents" (Matt Jaffe)

    Some risks can be good for you, Re: redacting (Richard Karpinski)

    or issue 24.34 and 24.35 (Jul 2006)

    Yet another example of accidental disclosure of redacted info (Aaron Emigh)

    Re: Yet another example of accidental disclosure of redacted info
    (Amos Shapir)

    or issue 24.83 (Sept 2007)

    FIA blunder reveals secrets: obscured material viewable (Ben Moore)
    Redacted material still viewable (Ben Moore)

    That's just looking at Volume 24. There are others in other volumes.

    Old guy

  7. #7
    David H. Lipman
    Guest

    Re: Has anyone heard of this MS Word vulnerability

    From: "Bruce Meyer" <bdmeyersc@gmail.com>

    | Whikle trying to determine the source of a leak, one of my colleagues
    | said he thought he had read of the following:
    |
    | If I create an MS Word Document, and save it. Then later open it back
    | up and delete a specific paragraph prior to publishing that document
    | on a web site, a user with a tool designed for this, can recover the
    | deleted text as it is actually still inside that document.
    |
    | I had never heard of this.
    |
    | Can anyone verify if this is correct, and if so, how to go about
    | viewing that deleted paragraph to prove to others that yes, this could
    | be how info is being extracted from published documents?
    |
    | Thanks either way,
    | Bruce D. Meyer

    Yes. This is relatively "well known". PowerPoint and Excel also suffer from this.


    --
    Dave
    http://www.claymania.com/removal-trojan-adware.html
    Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp



  8. #8
    Arthur T.
    Guest

    Re: Has anyone heard of this MS Word vulnerability

    In Message-ID:<bv0b4493p5o32igfpe99o90pp7v0r43ja3@4ax.com>,
    Jim Watt <jimwatt@aol.no_way> wrote:

    >I believe .rtf's are generally safe.


    Want to open up an RTF from me in Word and see what kind of
    havoc I can cause?

    It's fairly simple to create an RTF with malicious effect,
    but, again, I won't tell how in a public forum.

    --
    Arthur T. - ar23hur "at" intergate "dot" com
    Looking for a z/OS (IBM mainframe) systems programmer position

  9. #9
    Jim Watt
    Guest

    Re: Has anyone heard of this MS Word vulnerability

    On Tue, 03 Jun 2008 18:56:31 -0400, Arthur T. <arthur@munged.invalid>
    wrote:

    >In Message-ID:<bv0b4493p5o32igfpe99o90pp7v0r43ja3@4ax.com>,
    >Jim Watt <jimwatt@aol.no_way> wrote:
    >
    >>I believe .rtf's are generally safe.

    >
    > Want to open up an RTF from me in Word and see what kind of
    >havoc I can cause?


    Fair enough, but an advantage of them is they are cross
    platform and don't contain macros. The rtf's on my sites
    are safe, and I suspect unless the content is carefully
    crafted, so are most other peoples. However on this
    occasion I shall decline the offer :)

    I seem to remember thare was a rather explosive .zip
    file which turned into umpteen gigabytes.
    --
    Jim Watt
    http://www.gibnet.com

  10. #10
    Arthur T.
    Guest

    Re: Has anyone heard of this MS Word vulnerability

    In Message-ID:<i5kb44l1ap0410a1749nlgeqjjdbnrk08l@4ax.com>,
    Jim Watt <jimwatt@aol.no_way> wrote:

    >Fair enough, but an advantage of them is they are cross
    >platform and don't contain macros.


    If you want to give me your edress, I'll reply to this
    off-list.

    --
    Arthur T. - ar23hur "at" intergate "dot" com
    Looking for a z/OS (IBM mainframe) systems programmer position

  11. #11
    Klunk
    Guest

    Re: Has anyone heard of this MS Word vulnerability

    On Tue, 03 Jun 2008 19:49:42 +0200, Jim Watt passed an empty day by
    writing:

    > Its old news.....


    As is the Apache 2.0.51 vulnerability affecting your Website on that VPS.

Similar Threads

  1. Word 2003 & diff languages (Hebrew)
    By Qui-Gon John in forum Software Forum
    Replies: 0
    Last Post: 01-18-08, 09:32 AM
  2. MS WORD 2003 question
    By Dan in forum Software Forum
    Replies: 7
    Last Post: 12-04-07, 06:05 AM
  3. MS Office Word Stuck on French Canadian
    By *cho* in forum General Discussion Board
    Replies: 3
    Last Post: 04-02-07, 11:43 PM
  4. A Word i had Never Heard of Before
    By minir in forum General Discussion Board
    Replies: 5
    Last Post: 03-04-07, 05:28 AM
  5. MS word
    By 24giovanni in forum Software Forum
    Replies: 10
    Last Post: 02-06-07, 10:51 PM

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •