R: UPDATED: MS Word - password protection vulnerabilty

[s.zdrojewski () itvirtualcommunity net]

Actually these problems seems to be solved using SP3 of Office XP Published
on MS04-009.

Cheers

-

> -----Messaggio originale-----
> Da: Andrew W Barkley [mailto:abarkle3 () csc com]
> Inviato: giovedì 25 marzo 2004 20.09
> A: bugtraq () securityfocus com
> Oggetto: UPDATED: MS Word - password protection vulnerabilty
> Priorità: Alta
>
> Hi ...
>
>
> There are several vulnerabilities published/discussed regarding MS Word &
> MS Office in general, however, 'tis is the most "no brainer" I've
> discovered ...
>
> Vulnerability:
> Password protected document that has "tracked changes, comments or forms"
> password protected
>
> Vulerable:
> MS Word (Win2K/XP)
>
>
> Example 1
> 1) Open MS Word with a new/blank page
> 2) Now select "Insert" >> "File" & browse for your password protected doc
> &
> select "Insert" & "Insert" into your new/blank doc
> 3) Now select Tools >> & Whey hey, voila, there's no longer an "Unprotect
> document" ... password vanished ...
>
> Example 2
> 1) Open your password protected doc in MS Word i.e. you can't edit
> protected fields (apparently)
> 2) Save as a Rich Text Format (RTF) & keep this RTF file open in MS Word
> (YES, keep open)
> 3) Whilst your new RTF file is open in MS Word, go "File Open" & find your
> newly saved RTF file & open (YES, you DO need to do 'tis even though you
> already have it open)
> 4) If prompted to revert say YES, if not prompted stay calm.  Now in your
> MS Word menu go & "Unprotect Document", amazingly, voila, you don't get
> prompted for a password
>
>
> Change password if ya like & or save in whatever format if ya like ...
>
>
> L0phtphrack :-/


Sebastian "En3pY" Zdrojewski
IT Development
IT Virtual Community
http://www.itvc.net