[mso] Security Flaw in MS Word Solved

• From: "Linda F. Johnson" <linda@xxxxxxxxxxxxxxxxxxxxxxxxxxx>
• To: MSO Freelist Group <mso@xxxxxxxxxxxxx>
• Date: Sat, 21 Sep 2002 08:16:36 -0400

Hey gang...Dian sent this to a bunch of other Office/Word groups and
asked me if she could post it here.....so here it is....thank you Dian!
_________________________

Hi folks...

The info below is a kind of unofficial Microsoft Word MVP release
notice. 

Famed Word MVP and developer, Bill Coan, built a fix for the Word hidden
field security issue so many of you surely heard about recently. He
built this free fix for users right after the problem was discovered.
Bill had planned to have this info shared through a popular Office user
newsletter, but due to some...ahem...editorial mixup, it wasn't
published. So the newsletter editors apparently decided to build their
own version and not pass Bill's info to their readers at this time. 

I just got a copy from the Word MVP group and planned to hold this info
for the October issue of my TechTrax Ezine...but it's too important for
Word 97, 2000 and 2002 users, so I don't want to hold the info up. This
article will still be published in TechTrax, but I hope the group
monitors here won't mind me passing it along now to benefit these
groups. Feel free to pass this info to all who will benefit from this
free fix. By the way...Word MVPs have done testing on both versions and
Bill's works great...whereas the other version tested missed some hidden
fields.

Note...Bill is not only a wonderful guy, fantastic Word developer and
Microsoft MVP for many years, he's also a TechTrax writer and you can
read more about Bill's credentials at this link:
http://pubs.logicalexpressions.com/Pub0009/LPMFrame.asp?CMD=AuthorDetail
&ID=9

Here's the Word security fix info...
- - - - - - - - - - - - - - - - - - 

The massive computer security flaw discovered last week in Microsoft
Word documents has been solved. The solution consists of an addin
software package for Word, called the Hidden File Detector(tm) addin for
Word 97/2K/XP.

The addin can be downloaded for free from http://www.wordsite.com. It
allows users of Microsoft's popular word processing software to detect
files hidden inside a word processing document. Such files can contain
sensitive information about the user or the user's organization.

In addition to displaying details about each file hidden inside a
document, the addin can jump to the exact place in a document where a
hidden file is stored. Without the software, users could easily miss
files hidden in headers and footers, footnotes, endnotes, comments, or
drawing objects.

Software developer Bill Coan recommended that users not share Word
documents with anyone outside their immediate circle of trust until
they've addressed the hidden file security flaw. Coan has offered the
source code for his software package to Microsoft Corporation. He
expects Microsoft to proceed carefully before addressing the security
flaw because the mechanism used for hiding files in a document has many
legitimate purposes.

"If Microsoft disables the ability to incorporate external files into a
Word document, hundreds of thousands, perhaps millions of legitimate
users would be very greatly inconvenienced and their productivity and
effectiveness would suffer," Coan said. "Therefore, the solution is
likely to involve helping users detect hidden files, rather than
eliminating entirely the mechanism by which files can be hidden. The
Hidden File Detector addin provides that help now."

Coan specializes in document automation. He decided to offer his Hidden
File Detector addin immediately and at no cost in hopes that users
around the world wouldn't lose faith in the security of documents
created with Microsoft Word.

For more information about the Hidden File Detector addin, or to
download a free copy of it, visit http://www.wordsite.com.
- - - - - - - - - - - - - - - - - 

Dian Chapman
Technical Consultant, Instructor,
Microsoft MVP & TechTrax Editor

Word AutoForm/VBA eBook: http://www.mousetrax.com/books.html
Tutorial web site: http://www.mousetrax.com/techpage.html
TechTrax Ezine: http://www.mousetrax.com/techtrax/
_____________________________________
Linda
Publisher ~ ABC ~ All 'Bout Computers
Owner ~ Linda's Computer Stop
http://personal-computer-tutor.com
FREE MS Office eBook Tutorial
http://personal-computer-tutor.com/library.htm


*************************************************************
You are receiving this mail because you subscribed to mso@xxxxxxxxxxxxx or 
MicrosoftOffice@xxxxxxxxxxxxxxxx

To send mail to the group, simply address it to mso@xxxxxxxxxxxxx

To Unsubscribe from this group, send an email to 
mso-request@xxxxxxxxxxxxx?Subject=unsubscribe

Or, visit the group's homepage and use the dropdown menu.  This will also allow 
you to change your email settings to digest or vacation (no mail).
//www.freelists.org/webpage/mso

To be able to use the files section for sharing files with the group, send a 
request to mso-moderators@xxxxxxxxxxxxx and you will be sent an invitation with 
instructions.  Once you are a member of the files group, you can go here to 
upload/download files:
http://www.smartgroups.com/vault/msofiles
*************************************************************

Other related posts:

• » [mso] Security Flaw in MS Word Solved

1. Home
2. mso
3. Archive
4. 09-2002

---

• » Previous by Date
• » Next by Date
• » Related Posts
• » View list details
• » Manage your subscription

---