UPDATED: MS Word - password protection vulnerabilty
Hi ...
There are several vulnerabilities published/discussed regarding MS Word (MS
Office) in general, however, 'tis is the most "no brainer" I've discovered ...
Vulnerability:
Password protected document that has "tracked changes, comments or forms"
password protected
Vulnerable:
MS Word (Win2K/XP)
Example 1
1) Open MS Word with a new/blank page
2) Now select "Insert" >> "File" >> browse for your password protected doc &
select "Insert" & "Insert" password protected doc into your new/blank doc
3) Now select "Tools" & Whey hey, voila, there's no longer an "Unprotect
document" ... password vanished ...
Example 2
1) Open your password protected doc in MS Word i.e. you can't edit protected
fields (apparently)
2) Save as a Rich Text Format (RTF) & keep this RTF file open in MS Word (YES,
keep open)
3) Whilst your new RTF file is open in MS Word, go "File Open" & find your
newly saved RTF file & open (YES, you DO need to do 'tis even though you
already have it open)
4) If prompted to revert say YES, if not prompted stay calm. Now in your MS
Word menu go & "Unprotect document", amazingly, voila, you don't get prompted
for a password
Change password if ya like & or save in whatever format if ya like ...
L0phtphrack ;-/