Bugtraq mailing list archives

Re: Microsoft Word documents that "phone" home
From: "Rob Slade, doting grandpa of Ryan and Trevor" <rslade () sprint ca>
Date: Fri, 1 Sep 2000 10:24:39 -0800

Date:          Wed, 30 Aug 2000 10:52:51 -0400
From:          "Richard M. Smith" <rms () PRIVACYFOUNDATION ORG>

The Privacy Foundation has just released an advisory
on an issue that we discovered earlier this month
in Microsoft Word.  We found that it is possible to
embed "Web bugs" in Word documents.  The Web bugs

A most interesting ... "function" in Word.  I do not use Word, of course,
because of the security problems, and generally rely on WordViewer to check
documents.  However, from the detail presented on your Web site, it wasn't
clear whether WordViewer was subject to the same (or similar) bugging activity.
So I tried it.

I downloaded the document, and opened it first in Word, to see what would
happen.  Then I tried it in WordViewer.  WordViewer is subject to the bugging
activity, but not quite in the same way.  In WordViewer, there is obviously
some function lacking that does not result in your second "gotcha" display.
Because of this failure, WordViewer makes repeated accesses to the server.  (If
you will check your server logs, you will find a few hundred requests from the
same address all within the space of a minute or two.)  Obviously some
functionality is missing, but the combination of WordViewer and Web bugs would
seem to have all the makings of a good denial of service attack.  For both the
client and the server  :-)

======================  (quote inserted randomly by Pegasus Mailer)
rslade () vcn bc ca  rslade () sprint ca  slade () victoria tc ca p1 () canada com
            Absurdiveness Training: Don't get even, get odd.
http://victoria.tc.ca/techrev    or    http://sun.soci.niu.edu/~rslade
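
An added example, not part of the original message: one way a server operator could look for the pattern described above (a few hundred requests from the same address within a minute or two) in an access log. It assumes Common Log Format in chronological order; the path `/bug.gif`, the addresses and the sample log lines are constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone

# Common Log Format: host ident user [time] "METHOD path proto" status size
CLF = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "\S+ (\S+)[^"]*" \d{3} \S+')
TS_FORMAT = "%d/%b/%Y:%H:%M:%S %z"

def parse(line):
    """Return (host, path, timestamp), or None for a malformed line."""
    m = CLF.match(line)
    if not m:
        return None
    host, ts, path = m.groups()
    try:
        return host, path, datetime.strptime(ts, TS_FORMAT)
    except ValueError:
        return None

def find_bursts(lines, threshold=100, window=timedelta(seconds=120)):
    """Map (host, path) -> peak request count for each client that fetched
    the same path at least `threshold` times inside one sliding window.
    Assumes the log is in chronological order, as access logs normally are."""
    recent = defaultdict(deque)
    peaks = {}
    for line in lines:
        rec = parse(line)
        if rec is None:
            continue
        host, path, when = rec
        q = recent[(host, path)]
        q.append(when)
        while when - q[0] > window:   # drop hits that fell out of the window
            q.popleft()
        if len(q) >= threshold:
            peaks[(host, path)] = max(peaks.get((host, path), 0), len(q))
    return peaks

def sample_log():
    """Constructed log: one ordinary reader, then one looping viewer."""
    start = datetime(2000, 9, 1, 10, 0, 0, tzinfo=timezone.utc)
    hits = [("198.51.100.7", start - timedelta(hours=1))]
    # 300 fetches spread over about 90 seconds from a single address
    hits += [("192.0.2.10", start + timedelta(seconds=i * 3 // 10)) for i in range(300)]
    hits += [("198.51.100.7", start + timedelta(hours=h)) for h in (1, 2, 3)]
    return [f'{h} - - [{t.strftime(TS_FORMAT)}] "GET /bug.gif HTTP/1.0" 200 43'
            for h, t in hits]

if __name__ == "__main__":
    for (host, path), peak in find_bursts(sample_log()).items():
        print(f"{host} requested {path} {peak} times within two minutes")
```

The same per-client, per-path counter can back a rate limit on the image URL, so that a looping viewer is throttled instead of loading the server.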
