ZDNet UK


Skip to Main Content

ZDNet.co.uk - Winner of Best Business Website 2007
  1. Home
  2. News
  3. Blogs
  4. Reviews
  5. Prices
  6. Resources
  7. Community
  8. My ZDNet

 

ZDNet UK RSS Feeds


IT Jobs

Online business Toolkit

MS .doc bug hibernates on Net

Bruce Simpson, ZDNet Australia ZDNet Australia

Published: 07 May 2002 14:33 BST

  • Email
  • Trackback
  • Clip Link
  • Print friendly
  • Post Comment

A security hole affecting old copies of some Microsoft Office applications may have left a legacy of data leaks with the potential to reveal sensitive information and weaken security on government and commercial Web sites around the world.

The Google search engine reports that there are over half a million MS Word .doc files presently available for download from dot-com Web sites. Of these, a small but significant percentage have been created using versions of the software known to create "leaky" documents.

First discovered in 1998, the bug causes random fragments of data from previously deleted files to be included in areas of a document that are otherwise unused. This random data can contain virtually anything that might have once been stored on the creator's computer, including passwords, sections of other documents, correspondence, etc.

Anyone downloading affected documents and browsing them with a binary editor can easily view this extra information, although it remains otherwise invisible.

The applications responsible for producing these leaky documents were Microsoft Word versions 6.0 and 7.0 plus version 7.0 of PowerPoint and Excel. Although a patch was quickly released to plug the hole, documents created before the patch was applied, and not subsequently edited, may still contain the unexpected snippets of sensitive data.

US Government Web sites also appear vulnerable to these potential legacy leaks with some 240,000 MS Word documents and 32,000 PowerPoint files being listed by Google under the .gov top-level domain. A small sampling indicates that up to 5 percent of these documents may have been created with the buggy versions of the software.

The problem appears to be a global one, although more pronounced in areas where the Net was in common use before the flaw was uncovered. Potentially leaky documents have been discovered on the government Web sites of a number of other countries including Canada, France, Australia and New Zealand.

For everything Internet-related, from the latest legal and policy-related news, to domain name updates, see ZDNet UK's Internet News Section.

Have your say instantly, and see what others have said. Go to the ZDNet news forum.

Let the editors know what you think in the Mailroom.

  • Email
  • Trackback
  • Clip Link
  • Print friendly Print with Dell

Did you find this article useful?
37 out of 67 people found this useful


Talkback

Post a comment


Full Talkback thread

0 comments

Related Links

More In Online business


Company/Topic Alerts

Create a new alert from the list below:









Related Jobs

Technical Author - Contract - London - URGENT

Technical procedures and diagrams must be produced using Microsoft Word and Visio to enable the support teams to maintain the documents once ...

EXCITING... EICA DESIGN ENGINEER FOR WATER INDUSTRY... EXCITING

This will involve detailed checking of supplier documents such as starter schematics, cable schedules, functional design specifications, HMI mimics ...

Implementation Consultant - Calypso or Murex experts required !!

Project, Excel, PowerPoint and Word) (Real Resourcing acts as an Employment Agency and an Employment Business) Leading Investment banking consultancy ...

Sentry Posts Blog

The vPhone: Why Visa Should Go Mobile

The vPhone: Why Visa Should Go Mobile Author: Eric Everson, Founder MyMobiSafe.com With all of the success of Apple’s iPhone, there is a growing case to support a company like Visa... More

Post a comment

The Google Apple Merger: Fantasy or Fu...

The Google Apple Merger: Fantasy or Future? Author: Eric Everson, Founder MyMobiSafe.com Market research suggests that Microsoft controls upwards of 90% of the respective computer-based... More

1 comment

Trades Unions against ID Cards

The Trades Union Congress (TUC) has backed up airport workers protesting against ID cards, the Financial Times reports. In a letter to Home Secretary Jacqui Smith, the TUC said it... More

Post a comment

Featured Talkback

I wonder, who needs .asia domain? I cannot imagine, what would be useful for Microsoft.asia? Toyota.asia? Then let's register .europe (if .eu is too short). Or perhaps Microsoft.southamerica, Dell.australiaandnewzealand, Coca-Cola.africa... Sound funny? Then why not just use the global and country domains? Or perhaps it is time to drop the domains at all?

By: LadyRoot

Read full story:
Businesses advised to register .asia domains