[32981] in bugtraq

Microsoft Word Protection Bypass

daemon@ATHENA.MIT.EDU (Thorsten Delbrouck-Konetzko)
Fri Jan 2 15:43:16 2004

To: bugtraq@securityfocus.com
Cc: "Microsoft Security Response Center" <secure@microsoft.com>
MIME-Version: 1.0
Message-ID: <OF60A8C9AA.4F52F3E5-ON00256E0F.003B08BA-C1256E0F.003B9AEC@localhost>
From: Thorsten Delbrouck-Konetzko <Thorsten.Delbrouck@guardeonic.com>
Date: Fri, 2 Jan 2004 10:51:03 +0000
Content-Type: multipart/mixed; boundary="=_mixed 003B9AC4C1256E0F_="

--=_mixed 003B9AC4C1256E0F_=
Content-Type: text/plain; charset="US-ASCII"

Hi all,

Microsoft Word provides an option to protect "forms" by password. This is 
used to ensure that unauthorized users cannot manipulate the contents of 
documents except within specially designed "form" areas. This feature is 
also often used to protect documents which do not even have form areas 
(quotations/offers etc.).

This form protection can easily be removed without any additional tools 
(apart from a hex-editor).

Please find the full advisory attached.

best regards,
/tdk

-- 
 Thorsten Delbrouck
 Chief Information Officer

 Guardeonic Solutions AG
 Rosenheimer Str. 116
 D-81669 Munich
---------------------------------



--=_mixed 003B9AC4C1256E0F_=
Content-Type: text/plain; name="adv_microsoft_word_protection.txt"
Content-Disposition: attachment; filename="adv_microsoft_word_protection.txt"
Content-Transfer-Encoding: base64
--=_mixed 003B9AC4C1256E0F_=--
