Bugtraq mailing list archives
Re: Microsoft Word documents that "phone" home
From: "Crooks, James" <james.crooks () CA PWCGLOBAL COM>
Date: Wed, 30 Aug 2000 20:03:55 -0400
exploit also affects .rtf files in MS Word 97 (URL in .rtf: gets ignored in MS WordPad, gets error message in Lotus Word Pro 97) - I'm getting someone to verify operation of Word in MS Office 2000... /jc "Richard M. Smith" <rms () PRIVACYFOUNDATION ORG> on 08/30/2000 07:52:51 AM Please respond to "Richard M. Smith" <rms () PRIVACYFOUNDATION ORG> To: BUGTRAQ () SECURITYFOCUS COM cc: Subject: [BUGTRAQ] Microsoft Word documents that "phone" home Hi, The Privacy Foundation has just released an advisory on an issue that we discovered earlier this month in Microsoft Word. We found that it is possible to embedded "Web bugs" in Word documents. The Web bugs allow the author of a document to track via the Internet where a document is being read. The trick could be used to monitor leaks of confidential documents from a organization to outsiders as well as detecting copyright violations. In addition, it is also possible to place Web bugs in individual paragraphs and detect when the text is copied from one Word document to another. The complete advisory is available at the Foundation's Web site: http://www.privacyfoundation.org/advisories/advWordBugs.html A demonstration "bugged" document for Word 97 and Word 2000 has been set up at: http://www.privacycenter.du.edu/demos/bugged.doc We also found that Excel 2000 spreadsheet files and PowerPoint 2000 slideshows can be "bugged" in the same manner. Richard ================================================ Richard M. Smith Chief Technology Officer Privacy Foundation Email: rms () privacyfoundation org http://www.privacyfoundation.org ================================================ ---------------------------------------------------------------- The information transmitted is intended only for the person or entity to which it is addressed and may contain confidential and/or privileged material. Any review, retransmission, dissemination or other use of, or taking of any action in reliance upon, this information by persons or entities other than the intended recipient is prohibited. If you received this in error, please contact the sender and delete the material from any computer.
Current thread:
- Microsoft Word documents that "phone" home Richard M. Smith (Aug 30)
- <Possible follow-ups>
- Re: Microsoft Word documents that "phone" home Microsoft Security Response Center (Aug 31)
- Re: Microsoft Word documents that "phone" home Crooks, James (Aug 31)