RE: MS Word - password protection vulnerabilty

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: RE: MS Word - password protection vulnerabilty
From: "C Ryll" <carolynryll@xxxxxxxxxxx>
Date: Fri, 26 Mar 2004 18:50:22 +0000
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm

So, if I patch, then I cannot bypass the password mechanisms. But if I donot patch, then I still can... Or does a patched application allow for thecreation of a document in which the security controls cannot be bypassedusing an unpatched MS Word? Can a document from an unpatched applicationstill be bypassed in a patched MS Word?


It would be interesting to know the depth of patching in this situation.

Kind regards,
Carolyn

s.zdrojewski@xxxxxxxxxxxxxxxxxxxxxx
Sent by:
"Sebastian \"En3py\" Zdrojewski" <en3py@xxxxxxxxxxxxxxxxxxxxxx>
2004-03-26 01:57 AM


To:     "'Andrew W Barkley'" <abarkle3@xxxxxxx>
bugtraq@xxxxxxxxxxxxxxxxx
cc:     (bcc: Carolyn Ryll/ATL-BTL/MS/PHILIPS)
Subject:        R: UPDATED: MS Word - password protection vulnerabilty
Classification:



Actually these problems seems to be solved using SP3 of Office XP
Published
on MS04-009.

Cheers


_________________________________________________________________

FREE pop-up blocking with the new MSN Toolbar ? get it now!http://toolbar.msn.com/go/onm00200415ave/direct/01/

Prev by Date: LNSA-#2004-0006: bug workaround for Apache 2.0.48
Next by Date: Re: MS Outlook/Outlook Express Preview Pane Security Issue
Previous by thread: LNSA-#2004-0006: bug workaround for Apache 2.0.48
Next by thread: freshmeat.net: XSS Attack due to improper comment filtering.
Index(es):
- Date
- Thread