Macintosh version of Microsoft Word '98 includes sensitive material in document files. Specifically, document files created in Word '98 frequently include unrelated data taken from the hard-drive. This data can contain passwords, or other confidential information that is on the hard-drive. 9902-exploits/ws_ftp-DoS.txt WS_FTP Server Remote Denial of Service Attack. Exploit example included.
cfba308b0139e7c2f2d406029d0033be1c7b5c3e93df2d0bee8fc167bf33e9d2
Article Title
Macintosh version of Word '98 includes sensitive material in document files.
Article Summary
Microsoft recently released a patch that solves a serious security problem in Word '98 for Macintosh.
It seems that Word '98 includes unrelated data taken from the hard-drive. This data can contain
passwords, or other confidential information that is on the hard-drive.
Article Details
Since Word ignores the logical end of file and includes the entire contents of the final disk sector in the file,
other information can be placed in a document file. When this file is sent to other recipients, the hidden data
is sent with it.
This data is not viewable by Word, but any binary editor can view the file and reveal the information in it.
Although Microsoft claims only information from the hard drive is placed in the document (a bad thing by
itself!) several reports mention that information from the memory is included as well.
Additional information
MacInTouch magazine has conducted a thorough research on this problem:
http://www1.macintouch.com/o98security.html
Microsoft has published a knowledge base article on this matter:
http://www.microsoft.com/macoffice/productinfo/issues.htm
And also released a patch that solves this problem:
http://www.microsoft.com/macoffice/productinfo/98dl/offi98patch.htm