Sign up for the ITPro Today newsletter
Stay on top of the IT universe with commentary, news analysis, how-to's, and tips delivered to your inbox daily.
Protection Bypass Vulnerability in Microsoft Word
Microsoft Word contains a protection-bypass vulnerability. By performing a simple process, a malicious user can unprotect a protected document without the use of a password cracker or other special tools.
Ken Pfeil
January 4, 2004
3 Min Read
Reported January 4, 2004 by Thorsten Delbrouck.
VERSIONS AFFECTED
Microsoft Word 2003 and 2002 (XP)
DESCRIPTION
Microsoft Word contains a protection-bypassvulnerability. By performing a simple process (outlined in the demonstration below), a malicious user can unprotect a protected document without the use of a password cracker or other special tools.
DEMONSTRATION The discoverer posted the following demonstration as proof of concept:
1.) Open a protected document in Word.
2.) Choose the Save As Web Page (*.htm; *.html) option and close Word.
3.) Open the HTML document in any text editor.
4.) Search the tag for a line that looks like: ABCDEF01. Gather the password.
5.) Open the original .doc document with any hex editor.
6.) Search for hex values of the password (reverse order).
7.) Overwrite all four double-bytes with 0x00. Save, and close.
8.) Open the document in Word. Select Tools, Unprotect Document. Password is blank.
VENDOR RESPONSE
Microsoft has been notified.
CREDIT
Discovered byThorsten Delbrouck.
Read more about:
MicrosoftAbout the Author(s)
You May Also Like
.jpg?width=700&auto=webp&quality=80&disable=upscale)
.jpg?width=700&auto=webp&quality=80&disable=upscale)