word98.mac.txt

1999-08-17T00:00:00
ID PACKETSTORM:12292
Type packetstorm
Reporter eEye Digital Security
Modified 1999-08-17T00:00:00

Description

                                        
                                            ` Article Title   
  
Macintosh version of Word '98 includes sensitive material in document files.  
  
  
  
Article Summary   
Microsoft recently released a patch that solves a serious security problem in Word '98 for Macintosh.   
It seems that Word '98 includes unrelated data taken from the hard-drive. This data can contain  
passwords, or other confidential information that is on the hard-drive.  
  
  
  
Article Details   
Since Word ignores the logical end of file and includes the entire contents of the final disk sector in the file,  
other information can be placed in a document file. When this file is sent to other recipients, the hidden data  
is sent with it.  
This data is not viewable by Word, but any binary editor can view the file and reveal the information in it.   
Although Microsoft claims only information from the hard drive is placed in the document (a bad thing by  
itself!) several reports mention that information from the memory is included as well.  
  
  
  
Additional information   
MacInTouch magazine has conducted a thorough research on this problem:  
http://www1.macintouch.com/o98security.html   
Microsoft has published a knowledge base article on this matter:  
http://www.microsoft.com/macoffice/productinfo/issues.htm   
And also released a patch that solves this problem:  
http://www.microsoft.com/macoffice/productinfo/98dl/offi98patch.htm   
`