Just how crappy is Microsoft Word?
I tell everyone that most Microsoft software is complexity coded too simply to do anything of value correctly... I've even wrote about the dangers of sending MS Word DOC files as attachments.
Here's more proof... if you use the "protect forms with a password" feature in MS Word (that prompts the end-user for a password in order to modify certain parts of the document), you aren't really protecting your content. A determined adversary could use the following procedure (via Bugtraq) to reset this password and change the document... all the time under your radar. Worse, this adversary could change the password, modify your content and then change it back again without you knowing the difference (what percentage of MS Word users have even heard of a "hex editor"?). If you're interested, read on...
Example: --------
1.) Open a protected document in MS Word
2.) Save as "Web Page (*.htm; *.html)", close Word
3.) Open html-document in any Text-Editor
4.) Search "<w:UnprotectPassword>" tag, the line reads something like
that: <w:UnprotectPassword>ABCDEF01</w:UnprotectPassword>
5.) keep the "password" in mind
6.) Open original document (.doc) with any hex-editor
7.) search for hex-values of the password (reverse order!)
8.) Overwrite all 4 double-bytes with 0x00, Save, Close
9.) Open document with MS Word, Select "Tools / Unprotect Document"
(password is blank)Variation:
----------If the 8 checksum bytes are replaced with the checksum of a known
password it should be fairly easy to unprotect the document, make any
necessary changes, save, close and reset the password to the original
(unknown!) password by simply restoring the original values. Document
changed without even knowing the password. Nasty.(Note: Take care to get file properties (author, organisation,
date/time etc.) right.)Solution:
---------No solution is currently available. Do not rely on the "Protect
Forms" mechanism to protect a Word document against changes.
Posted by joebeone at Enero 2, 2004 04:39 PM