[16488] in bugtraq


Re: Microsoft Word documents that "phone" home

daemon@ATHENA.MIT.EDU (James Hoagland)
Fri Sep 1 16:43:41 2000

Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii" ; format="flowed"
Message-ID:  <a0431011cb5d4341d6c3d@[10.0.0.8]>
Date:         Thu, 31 Aug 2000 09:22:20 -0700
Reply-To: James Hoagland <hoagland@SILICONDEFENSE.COM>
From: James Hoagland <hoagland@SILICONDEFENSE.COM>
X-To:         "Richard M. Smith" <rms@PRIVACYFOUNDATION.ORG>
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To:  <NDBBKGHPMKBKDDGLDEEHGEMCEHAA.rms@privacyfoundation.org>

This loading of external URLs could also be used to cause the viewer
of the document to visit web sites they did not intend and that they
might catch some heat for doing (e.g., porn sites).  Web page authors
already have this ability, though in the document case, it may be
possible to obscure the origin of the document.

I wonder if this could be used as a part of a DDOS against a site.
Perhaps including lots of references to images on the victim site.

Just some random thoughts.

Regards,

   Jim


At 10:52 AM -0400 8/30/00, Richard M. Smith wrote:
>Hi,
>
>The Privacy Foundation has just released an advisory
>on an issue that we discovered earlier this month
>in Microsoft Word.  We found that it is possible to
>embed "Web bugs" in Word documents.  The Web bugs
>allow the author of a document to track via the Internet
>where a document is being read.  The trick could be used
>to monitor leaks of confidential documents from an
>organization to outsiders as well as detecting
>copyright violations.  In addition, it is also
>possible to place Web bugs in individual paragraphs
>and detect when the text is copied from one Word
>document to another.
>
>The complete advisory is available at the Foundation's
>Web site:
>
>    http://www.privacyfoundation.org/advisories/advWordBugs.html
>
>A demonstration "bugged" document for Word 97 and Word 2000
>has been set up at:
>
>    http://www.privacycenter.du.edu/demos/bugged.doc
>
>We also found that Excel 2000 spreadsheet files and
>PowerPoint 2000 slideshows can be "bugged" in the same
>manner.
>
>Richard
>
>================================================
>Richard M. Smith
>Chief Technology Officer
>Privacy Foundation
>
>Email: rms@privacyfoundation.org
>http://www.privacyfoundation.org
>================================================

--
|*   Jim Hoagland, Associate Researcher, Silicon Defense    *|
|*               hoagland@SiliconDefense.com                *|
|*  Voice: (707) 445-4355 x13          Fax: (707) 826-7571  *|
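
A defender-side check for the behaviour discussed in this thread, as an added example that is not part of the original messages or of the Privacy Foundation advisory: it scans a document's raw bytes for remote http(s) URLs and counts references per host, so a single tracking URL and many references to one site both stand out. It assumes the URL is stored in the file as plain 8-bit or UTF-16LE text; the function names, host names and sample bytes are constructed for illustration.

```python
import re
from collections import Counter
from urllib.parse import urlsplit

# Printable ASCII except space and double quote, so a match ends at the
# first delimiter or binary byte that follows the URL.
_ASCII_URL = re.compile(rb"https?://[\x21\x23-\x7e]{4,}", re.I)
# The same URL shape stored as UTF-16LE: every character is followed by NUL.
_UTF16_URL = re.compile(
    rb"h\x00t\x00t\x00p\x00(?:s\x00)?:\x00/\x00/\x00(?:[\x21\x23-\x7e]\x00){4,}",
    re.I,
)


def find_remote_urls(data):
    """Return sorted (byte offset, url) pairs for every remote URL found."""
    hits = [(m.start(), m.group().decode("ascii")) for m in _ASCII_URL.finditer(data)]
    hits += [(m.start(), m.group().decode("utf-16-le")) for m in _UTF16_URL.finditer(data)]
    return sorted(hits)


def _host(url):
    try:
        return urlsplit(url).hostname or "?"
    except ValueError:  # malformed authority, e.g. unbalanced brackets
        return "?"


def report(data, allowed_hosts=frozenset()):
    """Count references per host, skipping hosts the reviewer already trusts."""
    counts = Counter(_host(url) for _, url in find_remote_urls(data))
    return {host: n for host, n in counts.items() if host not in allowed_hosts}


# Constructed bytes standing in for a document file; not a real .doc.
SAMPLE = (
    b"\xd0\xcf\x11\xe0\x00\x01\x02"
    + b"\x01http://tracker.example/bug.gif?id=42\x14\x15"
    + "see http://images.example/a.gif ".encode("utf-16-le") * 3
    + b"\x00\x00\xff"
)

if __name__ == "__main__":
    for offset, url in find_remote_urls(SAMPLE):
        print(f"offset {offset:5d}  {url}")
    for host, n in sorted(report(SAMPLE).items(), key=lambda kv: -kv[1]):
        print(f"{n:3d} reference(s) to {host}")
```

A clean result only means no URL was found in these two encodings; references stored compressed or otherwise encoded would not be seen by this scan.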
