Forwarded From: Aleph One <aleph1@dfw.net>
[ This is a wonderful example of the press at work. I was contacted by
a Wired staff member last week about this story. Sorry, I don't recall
if it was Chris or someone else. At that time they wanted to talk to
me and get a quote. They wanted to go to press as soon as possible.
I told them I was still looking into the matter and asked if he could call me
back in five minutes. He agreed. I knew I had seen this problem before
but could not remember where. I looked in the bugtraq archives and could
find nothing. I probably saw it while I was subscribed to cypherpunks a
long time ago. In any case, I searched the MS KB and found the article
talking about the OLE fix. Five minutes later I got a call from the same
reporter and I explained to him there was a fix for the problem
available for several months. What's more, the fix had been included in
the Windows 95 SP1 so most new versions of Win95 should be safe. After
being informed of this the reporter decided he no longer had a story and
would simply file the information someplace. Now it is a few days later and
we got this article from Wired. There is no mention of the fact that SP1
includes the fix. There is also no mention of how long the fix has been
out (months). They said they could not reach MS in time but I know they
have been researching this story for days. In any case the problem does not
seem to have anything to do with RAM but with the way FAT allocated space
for files. So much for accurate reporting. - a1 ]
http://www.wired.com/news/news/technology/story/13342.html
MS Office Leaks Sensitive Data
by Chris Oakes
6:15pm 29.Jun.98.PDT
Microsoft has acknowledged a security vulnerability in its Office
application suite that can potentially reveal sensitive data residing
on a user's computer.
The bug reveals information that resides in a user's RAM and memory
buffers -- such as user IDs and passwords -- when users save Microsoft
Word, Excel, and PowerPoint documents. To access the potentially
sensitive information contained inside a document, a user simply has
to open the file using a text-editing program such as BBEdit or
Windows Notepad.
"I've received numerous emails confirming it in Windows," programmer
Mike Morton said last week. Morton, of the ecommerce company DXStorm,
recently reported his own experience with the bug to the BugTraq
mailing list, which issued an alert last week.
Microsoft (MSFT) says the bug affects users of Excel 7.0,
PowerPoint 7.0, and Word 6.0 and 7.0 on the Windows 95 platform. The
bug may be of particular interest to users who attach Office documents
in emails, which could reveal the potentially sensitive information to
all recipients of the attached document.
Microsoft has released a patch for the bug, which is described as
an "OLE Update for Windows 95."
"Due to the way Microsoft Excel, Microsoft PowerPoint, and Microsoft
Word for Windows use OLE for file storage, documents created in these
programs may contain extraneous data from previously deleted files,"
the Microsoft site reads. "This extraneous data is not visible within
the document and does not affect your ability to use these programs
normally. However, it is possible that legible portions of previously
deleted files may be viewable if you examine these document files
using Notepad or file-utility software."
The situation could pose security and privacy concerns when these
documents are handled electronically, the alert says.
The type of information revealed in Office documents could include the
text of telnet sessions when user IDs and passwords are entered to
access remote services, the contents of disk directory paths, and the
URLs of visited Web sites. So far, Morton said he hasn't discovered
common textual information, such as email content or other sensitive
communications. But he doesn't rule that out, either.
Morton said that in analyzing some of the information contained in his
company's documents, the information found there -- even in new
documents -- looks to be as much as a month old. This suggests that
the filler data may even be taken from dormant sections of the hard
disk. But mostly he's seen evidence that it comes from memory spaces.
"It looks like [Word] uses a chunk of buffer or RAM memory just to
fill out the minimum-size requirements of the document," Morton said.
"So pretty much anything that's residing in your memory it's grabbing
it and dumping it into the document."
Morton said his company will suspend using Microsoft applications to
provide materials to its customers until it has resolved the problem.
The bug does not affect Microsoft Windows NT users, but does affect
Word 98 for the MacOS, and no patch for that has been made available.
Microsoft could not be reached for comment in time for this story.
Received on Tue Jun 30 12:12:04 1998