[33045] in bugtraq
Re: Microsoft Word Protection Bypass
daemon@ATHENA.MIT.EDU (Vladimir Katalov)
Thu Jan 8 13:09:47 2004
Date: 8 Jan 2004 10:56:05 -0000
Message-ID: <20040108105605.8267.qmail@sf-www3-symnsj.securityfocus.com>
Content-Type: text/plain
Content-Disposition: inline
Content-Transfer-Encoding: binary
MIME-Version: 1.0
From: Vladimir Katalov <vkatalov@elcomsoft.com>
To: bugtraq@securityfocus.com
In-Reply-To: <OF60A8C9AA.4F52F3E5-ON00256E0F.003B08BA-C1256E0F.003B9AEC@localhost>
>To: bugtraq@securityfocus.com
>Cc: "Microsoft Security Response Center" <secure@microsoft.com>
>Subject: Microsoft Word Protection Bypass
>From: Thorsten Delbrouck-Konetzko <Thorsten.Delbrouck@guardeonic.com>
>Date: Fri, 2 Jan 2004 10:51:03 +0000
>Content-Type: multipart/mixed; boundary="=_mixed 003B9AC4C1256E0F_="
>
>Microsoft Word provides an option to protect "forms" by password. This is
>used to ensure that unauthorized users cannot manipulate the contents of
>documents except within specially designed "form" areas. This feature is
>also often used to protect documents which do not even have form areas
>(quotations/offers etc.).
>
>This form protection can easily be removed without any additional tools
>(apart from a hex-editor).
>
>Please find the full advisory attached.
Actually, we have reported about this problem almost three years ago at "Black Hat Windows Security 2001" conference (Las Vegas, Feb'2001), see:
http://www.blackhat.com/html/bh-multi-media-archives.html#Windows%20Security%202001
Here is the presentation ("Analysis of Microsoft Office Password Protection System, and Survey of Encryption Holes In Other MS Windows Applications") in PowerPoint format:
http://www.blackhat.com/presentations/win-usa-01/Malyshev/bh-win-01-malyshev.ppt
And streaming video:
rtsp://media-1.datamerica.com/blackhat/bh-usa-win-01/video/bh-usa-win-01-andrey-malyshev-video.rm
Microsoft, of course, was aware. There is an article published in Microsoft TechNet:
Ask Us About... Security, March 2001
http://www.microsoft.com/technet/columns/security/askus/auas0301.asp
Quote from there:
"Recovering Office passwords
Q: I'm creating a document using Microsoft Word that may potentially contain sensitive information. I note that Word has a password protection feature (under Tools/Protect Document). How strong is the security surrounding this feature?
A: I get a lot of mail asking about the strength of passwords for Office documents. As was demonstrated in an analysis of the Microsoft Office password protection system presented by ElcomSoft at Black Hat (see above), the password-protection features of these programs were not designed to be invincible. [...]"
You may also want to have a look at our software that can recover or remove this password, among many other ones:
Advanced Office XP Password Recovery
http://www.elcomsoft.com/aoxppr.html
--
Sincerely yours,
Vladimir
Vladimir Katalov
Managing Director
ElcomSoft Co.Ltd.
Member of Association of Shareware Professionals (ASP)
Member of Russian Cryptology Association
mailto:vkatalov@elcomsoft.com
http://www.elcomsoft.com
