Bugtraq mailing list archives
Re: Microsoft Word documents that "phone" home
From: James Hoagland <hoagland () SILICONDEFENSE COM>
Date: Thu, 31 Aug 2000 09:22:20 -0700
This loading of external URLs could also be used to cause the viewer of the document to visit web sites they did not intent and that they might catch some heat for doing (e.g., porn sites). Web page authors already have this ability, though in the document case, it may be possible to obscure the origin of the document. I wonder if this could be used as a part of a DDOS against a site. Perhaps including lots of references to images on the victim site. Just some random thoughts. Regards, Jim At 10:52 AM -0400 8/30/00, Richard M. Smith wrote:
Hi, The Privacy Foundation has just released an advisory on an issue that we discovered earlier this month in Microsoft Word. We found that it is possible to embedded "Web bugs" in Word documents. The Web bugs allow the author of a document to track via the Internet where a document is being read. The trick could be used to monitor leaks of confidential documents from a organization to outsiders as well as detecting copyright violations. In addition, it is also possible to place Web bugs in individual paragraphs and detect when the text is copied from one Word document to another. The complete advisory is available at the Foundation's Web site: http://www.privacyfoundation.org/advisories/advWordBugs.html A demonstration "bugged" document for Word 97 and Word 2000 has been set up at: http://www.privacycenter.du.edu/demos/bugged.doc We also found that Excel 2000 spreadsheet files and PowerPoint 2000 slideshows can be "bugged" in the same manner. Richard ================================================ Richard M. Smith Chief Technology Officer Privacy Foundation Email: rms () privacyfoundation org http://www.privacyfoundation.org ================================================
-- |* Jim Hoagland, Associate Researcher, Silicon Defense *| |* hoagland () SiliconDefense com *| |* Voice: (707) 445-4355 x13 Fax: (707) 826-7571 *|
Current thread:
- Re: Microsoft Word documents that "phone" home, (continued)
- Re: Microsoft Word documents that "phone" home Microsoft Security Response Center (Sep 01)
- Re: Microsoft Word documents that "phone" home Terje Bless (Sep 02)
- Re: Microsoft Word documents that "phone" home Brad (Sep 02)
- Other file formats that can "phone" home Richard M. Smith (Sep 03)
- Re: Other file formats that can "phone" home jsl2 (Sep 04)
- Re: Other file formats that can "phone" home Richard M. Smith (Sep 04)
- Sun StarOffice documents that "phone home" and other interesting problems Kurt Seifried (Sep 04)
- Re: Sun StarOffice documents that "phone home" and other interesting problems Luca Berra (Sep 05)
- Leftover data in other files (was Re: Sun StarOffice documents that "phone home".....) jsl2 (Sep 05)
- Re: Leftover data in other files (was Re: Sun StarOffice documents that "phone home".....) Ryan Russell (Sep 05)
- Re: Microsoft Word documents that "phone" home Microsoft Security Response Center (Sep 01)