Bugtraq mailing list archives

Previous By Date Next
Previous By Thread Next

Microsoft Insecurity...

From: mike () WOWDX NET (Mike)
Date: Mon, 22 Jun 1998 07:52:11 -0500

Well!  After an overwhelming response from everyone, just a summery of the
conclusions:

1.  This is a Microsoft Application problem, from Word, excel, etc from way
back as far as Word 2.0

2.  This has been reported before to Microsoft, without any kind of
response or patch, etc

3.  The problem is that the Microsoft Applications take RAM or Buffer
blocks to fill out application files - reading plaintext, etc,
indiscriminately.

4.  Suggestions to turn off the 'Fast Save' option help, but do not by any
means eliminate the problem.

5.  There is no other Fix - other than not attaching an application
document to send to anyone who could possibly use it maliciously.

6.  I think I have heard the opinions from everyone EXCEPT any sort of
Microsoft rep, surprised?

7.  It would be a simple fix of encrypting the 'fill' information with a
simple MD5 encryption or something similar, just to eliminate any plaintext.

Thanks to everyone for their suggestions and information....

Cheers

Mike

 --------------------------------------------------
| Mike Morton       DXStorm Geek Team Leader       |
|                                                  |
| mike () dxstorm com  | DXShop ...Open For Business! |
 --------------------------------------------------
|   Quality Developers of Above Quality Solutions  |
|           http://www.dxshop.com                  |
 --------------------------------------------------
Previous By Date Next
Previous By Thread Next

Current thread: