Vulnerability

MS Office 98 (Word98 vulnerability described)

Affected

MacOS With MS Office 98

Description

Mike Morton found the following:

1. Open a few documents, work on your Macintosh for a while.
2. Open Word 98 and compose a message, then save it to your drive.
3. Attach the document to an email, and send it.
4. Open the resulting document from the email when you receive it in BBEdit.

The file can be read as plain text with all sorts of juicy information like passwords, URLs, document locations, etc., all from the originating computer. We have been able to successfully glean passwords and logins from the file, IN PLAIN TEXT. It contains information that is MONTHS old from the originating computer. This was tested only on the Macintosh version of Word 98, and the emails were sent via Eudora. Btw, if you open the saved document on your hard drive - you get the same results! This is reproducible from Word 2.0 version.

While the likelihood of revealing sensitive information is low, if this file were then sent to another user, it could possibly expose data from a previously deleted file on the sender's system.

The problem is caused by the way Office 98 allocates space on a disk for local file storage. The Mac OS -- like many other OS' file systems -- does not erase files when you delete them; it simply removes the reference to them in the disk's catalog and marks the space they occupied as "free." Office 98 does not clear the disk space when the Mac OS allocates it during a File Save operation. Instead, Office 98 simply writes the file contents to the allocated disk space, overwriting whatever data physically existed there. Since the Mac OS allocates the disk space in set chunks, called clusters, the small amount of unused space at the end of the file's last cluster may contain random data from previously deleted files.

The data cannot be viewed when the file is opened as a native Office file. However, an ASCII text editor can be used to view the extraneous data.
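The mechanism described above, as an added example that is not part of the original advisory and is not Mac OS or Office code: a constructed toy volume (the names ToyVolume and slack_strings, the 512-byte cluster size and the sample data are all assumptions) where deleting a file only drops its catalog entry, so a later save into the same cluster carries the old bytes unless the cluster is cleared first.

```python
import re

CLUSTER = 512  # assumed cluster size for the toy volume


class ToyVolume:
    """Constructed model: raw disk bytes plus a catalog of name -> (clusters, length)."""

    def __init__(self, clusters):
        self.disk = bytearray(clusters * CLUSTER)
        self.catalog = {}
        self.free = list(range(clusters))

    def save(self, name, data, clear=False):
        need = max(1, -(-len(data) // CLUSTER))  # ceiling division
        got = [self.free.pop(0) for _ in range(need)]
        for i, c in enumerate(got):
            chunk = data[i * CLUSTER:(i + 1) * CLUSTER]
            start = c * CLUSTER
            if clear:  # hardened save: zero the whole cluster before writing
                self.disk[start:start + CLUSTER] = bytes(CLUSTER)
            self.disk[start:start + len(chunk)] = chunk
        self.catalog[name] = (got, len(data))

    def delete(self, name):
        # Only the catalog reference goes away; the bytes stay on disk.
        clusters, _ = self.catalog.pop(name)
        self.free = clusters + self.free

    def raw(self, name):
        """The file's clusters exactly as stored, slack included."""
        clusters, _ = self.catalog[name]
        return b"".join(bytes(self.disk[c * CLUSTER:(c + 1) * CLUSTER]) for c in clusters)


def slack_strings(vol, name, min_len=6):
    """Printable runs past the file's logical end, as a text editor would show them."""
    _, length = vol.catalog[name]
    tail = vol.raw(name)[length:]
    return [m.group().decode() for m in re.finditer(rb"[\x20-\x7e]{%d,}" % min_len, tail)]


def demo(clear):
    vol = ToyVolume(4)
    # Constructed sample data standing in for an old, since-deleted file.
    vol.save("old-notes", b"login=alice password=CONSTRUCTED-EXAMPLE " * 10)
    vol.delete("old-notes")
    vol.save("letter.doc", b"Dear Bob, see you Friday.", clear=clear)
    return slack_strings(vol, "letter.doc")


if __name__ == "__main__":
    print("save without clearing:", demo(clear=False))
    print("save with clearing:   ", demo(clear=True))
```
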
Solution

Microsoft recommends that customers using Office 98 for the Macintosh install the available Office 98 update, which can be downloaded from the Office 98 for the Macintosh web site at:

http://www.microsoft.com/macoffice

Previous versions of Office for the Macintosh are not affected. Customers who cannot apply the hot fix can use the following workarounds to temporarily address this issue:

- This problem can be eliminated by using a third-party disk utility for the Mac OS that completely erases files when they are deleted.
- Users can save files to freshly formatted floppy disks to ensure that there is no unwanted data included with the file.
- This issue only affects files that are saved to a local Macintosh volume. By performing a "Save As..." operation from Office 98 and saving the file to a network volume, such as to a Windows NT Server running Services for Macintosh, any random data at the end of the file will be removed.