[Am-info] Fwd: WOW #7.43 - That ain't a Word label Bug, It's a Feature

Gene Gaines gene.gaines@gainesgroup.com
Thu, 12 Sep 2002 12:55:01 -0400


Take a look at Item 1 in Woody's Office Watch newsletter, below.
Goes into more detail about the exploit than I have seen before.

Gene Gaines


This is a forwarded message
From:  Woody's Office Watch <wow-robot@woodyswatch.com>
To:    xxxxxx
Date:  Thursday, September 12, 2002, 12:23:17 PM
Subject: WOW #7.43 - That ain't a Word label Bug, It's a Feature
=================Original message text===============

           --==>> WOW -- WOODY's OFFICE WATCH <<==--
              Weekly advice and commiseration from
            Woody Leonhard, Certified Office Victim
          12 September 2002                    Vol 7 No 43

     >>>>>>>>>>>>>>>> LOST YOUR PASSWORD? <<<<<<<<<<<<<<<<
   Password recovery tools for Excel, Word, Outlook, Access,
  Windows NT, Exchange, Lotus, Schedule, Mail, Backup and more!
            Easy to use, powerful and *affordable*.
  >> Get your FREE demo NOW from http://www.LostPassword.com <<

  ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  The latest issue of Woody's Office for Mere Mortals starts
  filling in the background you need to protect yourself
  against the "Document Collaboration Spyware" exploit I
  talked about last week. I've decided to start with the
  minimum amount of information you need to identify the
  "spy" field code. If Microsoft decides to patch Word 97
  (see the first article below), I'll stop at that point. On
  the other hand, if MS doesn't patch Word 97, I'll give you
  all the details you'll need to convince yourself (and your
  boss!) that Word 97 contains a huge security exposure that
  renders it unusable in all but the most restricted
  circumstances. To subscribe to WOW-MM with the same address
  that received this issue of WOW, click here:
  http://woodyswatch.com/wowmm/subscribe.asp?e=genegaines@earthlink.net
  (or mailto:wowmm@woodyswatch.com).


  1. Microsoft's Conundrum with Word 97 Spyware
  2. Top Tip: That Ain't a Label Bug, It's a Feature
  3. Your Spyware Questions Answered
  4. More Security Headaches - GreyMagic Strikes Again
  5. An Even Better Way to Send Mail to a Category
  6. Scheduling Outlook Tasks
  7. Keep WOW Alive and Free

  >> Recover your IMPORTANT Office files at www.OfficeRecovery.com <<
  Data recovery for Word, Excel, PowerPoint, Access, Exchange files.
  Modules available standalone and in handy OfficeRecovery suites.
  Got Office? Get OfficeRecovery! Use yourself, tell a colleague.
  *** Click http://www.OfficeRecovery.com for a FREE demo ***

  ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  1. MICROSOFT'S CONUNDRUM WITH WORD 97 SPYWARE
  Last week I told you about Alex Gantman's "Document
  Collaboration Spyware" exploit in Word 97. In a nutshell:
  if you use Word 97 to edit a Word document sent to you by
  someone else, and you return that document to them, the
  document may contain a copy of any file on your computer.
  The copied file isn't visible in Word - no matter what you
  do in Word, you can't see the data that's been scarfed up
  and inserted in the document. But the data is clearly
  visible using Notepad or Wordpad.

  In fact, the exploit is more dangerous than first meets the
  eye because the scarfed up file can be just about any file
  (document, Excel spreadsheet, whatever), and it can be
  located anywhere - even on a secure server. If you have
  permission to read the file, and you use Word 97 to edit a
  document that's been given to you, and the person who's
  trying to grab the file knows its name and where it's
  located, Alex's exploit will invisibly suck the file into
  the Word document as soon as you open it.

  More than that, the "spy" field code can scan for hundreds
  of files with impunity. If the person trying to drag
  information out of you doesn't know the precise file name,
  they can make a whole lotta guesses, and you'll never be
  any the wiser.

  I'm tellin' ya, folks, it's the worst Word security hole
  I've ever seen.

  If you use Word 97 (and I figure about 95% of all the large
  companies on the planet still have people who use Word 97),
  you should NOT open and modify a document that someone
  gives to you, unless you're sure that they can't get the
  document back.

  Far as I'm concerned, this security hole renders Word 97
  essentially useless - downright dangerous, in fact - in any
  corporate environment, and close to useless anywhere else.

  Microsoft Management has an interesting decision to make.
  Microsoft doesn't officially support Word 97 any more.
  Ergo, the obvious question: Is Microsoft going to patch the
  hole, or are they going to let their Word 97 customers
  twist in the wind?

  Every indication I've seen points to the pound sand
  alternative. And that makes me mad as hell. It should make
  you mad, too.

  No doubt some Microsoft higher-ups figure this is good
  news: after all, anything that forces customers to upgrade
  is good, yes?

  But in the end, denying Word 97 users a fix eats away at
  Microsoft's credibility, particularly considering the
  extent of this security hole. It's the antithesis of
  "trustworthy." And you have to wonder about Microsoft's
  liability in a situation like this.

  Your call, Steve.
  ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

  Make the shift to fast full throttle vibrant COLOR with the Phaser 6200.
  An affordable, high-performance office color laser printer that's
  FASTER than 90% of today's office printers at 16 ppm in full-color!
  Win a 50" HIGH-DEFINITION TV or a PHASER 6200 COLOR LASER PRINTER
  ENTER TO WIN at http://psstt.com/1/c/23071/65146/205856/205856
  <a href="http://psstt.com/1/c/23071/65146/205856/205856"> AOL users click here </a>


  ** Buy One Inkjet Cartridge - GET TWO FREE!! **
  Buy 1 Get 2 FREE on Most Epson, Canon, and Apple
  Cartridges. Wholesale Pricing on Lexmark Cartridges.
  Free Shipping on orders $25 or more!! U.S. Shipping Only.
  Click Here For a Complete List of Cartridges.
  http://psstt.com/1/c/23071/56049/205856/205856
  <a href="http://psstt.com/1/c/23071/56049/205856/205856"> AOL users click here </a>


  2. TOP TIP: THAT AIN'T A LABEL BUG, IT'S A FEATURE
  Phil Rabichow, who's been around the WOPR Lounge so long I
  think his name is carved on one of the pillars, read about
  the Word 2000/2002 label sizing bug my son hit, as
  described in
  http://www.woodyswatch.com/office/archtemplate.asp?v7-n38

  Ya know what? It ain't a bug. It's a feature!

  When we created the labels, we told Word to use A4 paper.
  (For those of you who don't know, A4 is the common size of
  paper used for business correspondence almost everywhere in
  the world, except the USA.) There was no particular reason
  for us to use A4 - the label sheets themselves are
  considerably smaller than A4 or 8 1/2 X 11 - and we didn't
  think anything about it.

  Wrong.

  Phil nailed the problem. Both our Word 2000 and Word 2002
  machines have the Tools | Options | Print | Allow A4/Letter
  paper resizing box checked. (If you look at your PC, I bet
  you do, too - we run bone-stock standard US versions of
  Office and Windows, just like you.)

  Phil said: "If you have that option checked & you create
  labels on A4 paper, Word "knows" that you really wanted
  them smaller. I understand that if you create a document on
  8 1/2 X 11 & then put it on A4 paper, it must be resized to
  maintain the same relative formatting. So Word shrinks your
  tables. Er, labels. I don't know if this is a bug or "by
  design", Word should know that if you go to the trouble of
  specifying exact label dimensions & paper size all in the
  same dialog box, that you mean it."

  And that was precisely the problem. Word took it upon
  itself to resize the pages, clobbering our labels in the
  process.

  Thanks, Phil.

  Those of you who struggle with printing documents on
  different-sized paper (and that seems to be an increasing
  percentage of you every day) should seriously consider
  unchecking that "Allow A4/Letter paper reiszing" box. See
  the WOPR Lounge thread starting at
  http://www.wopr.com/cgi-bin/w3t/showflat.pl?Cat=&Board=wrd&Number=170659
  for details.
  ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

  ContEX CRM is the most powerful, flexible, customisable and simple solution
  available to turn Microsoft Outlook into a fully featured low cost CRM system.
  Features mailing and event management, sales pipeline and prospect tracking,
  and a public journal folder.ContEX CRM is the solution that Microsoft Outlook
  users everywhere have been waiting for!.
  For information:- www.imprezacomp.com

  Looking for time saving Excel add-ins?  Visit  add-ins.com!
  http://www.add-ins.com/index.htm?wow2



  3. YOUR SPYWARE QUESTIONS ANSWERED
  Many of you wrote last week with questions and comments
  about the "Document Collaboration Spyware" security hole
  and the other exploit that I bumped into.

  JW writes: "Is there a way to disable Word 97/00/02 so that
  the problem doesn't occur?"

  Nope. Far as I can tell, there isn't a thing you can do
  about it, aside from deleting the offending field(s).

  JW: "Is this related to the Track Changes tool in some way?"

  Nope. Track Changes in Word 2002 is a thorny mess. But it's
  a different thorny mess. <weak grin>

  PS: "When I've received the Word document, I save it onto
  my PC under a different file name (before making the
  changes), would the spyware still run off and snatch any of
  my files?"

  Yes. Doesn't matter where you put the "spy" document - the
  one you received from your snoopy friend - or what its name
  might be.

  XA: "Have you noticed if this security hole remains when I
  change the document but save and return it as RTF not DOC
  format?

  When I do a File | Save As in Word 97, and save the
  document in Rich Text Format, the "spy" text appears in the
  RTF file. In other words, you can't save as RTF and bypass
  the problem. (Very interesting question, by the way.)

  IH: "Who needs to have Word 97 running - the sender, the
  recipient, or both?"

  For the "Document Collaboration Spyware" exploit, only the
  recipient needs to be running Word 97. You can easily
  create a "spy" document with any version of Word.

  The exploit I bumped into, on the other hand, works across
  all versions of Word.

  Some of you chastised Alex for publishing details of a
  security exploit before Microsoft had a chance to fix it.
  Let me rush to Alex's defense.

  First, people like Alex (and Georgi Guninski) have become
  so fed up with Microsoft's lax response to security fixes
  that they aren't willing to play the game any more. They
  don't trust Microsoft to work diligently on a fix, and they
  figure the only way a hole is going to get plugged quickly
  is if they get all the details out, right away. After all,
  it only took Microsoft four and a half months to plug the
  critical holes in the Office Web Components. (Worse, MS
  buried the one crucial detail about the fix - telling IE
  not to trust content from Microsoft - so deep in a security
  bulletin that most people never read it! Don't get me
  started.)

  Second, there's a lot to be said for getting all the
  details about a new exploit out in the open as soon as
  possible - that way, other security-minded folks (such as
  yours truly) can try to shed light on the problem, and come
  up with suggestions for Microsoft to consider when creating
  the patch.

  Third, many people figure that if they've stumbled on a big
  security hole, it's only a matter of time before somebody
  with a black hat stumbles onto the same security hole, and
  really makes a mess of things by catching the world
  unawares.

  Fourth, Microsoft has shown absolutely no interest in
  protecting Word 97 users. None. Why should Alex take on
  Microsoft management, all by himself, keep his mouth shut,
  and hope that MS will some day do the right thing?

  Personally, I have varying degrees of sympathy with all of
  those arguments, but after all that's happened I can't
  fault someone for blowing the whistle.

  Some of you wrote in to chastise me for NOT giving out the
  details of the security exploit I bumped into. Sorry, but
  as long as I'm convinced Microsoft is working on a fix,
  I'll keep mum. I've done it before (two other Office holes,
  and one in Windows), and I'm inclined to do it again.

  Of course, if Microsoft refuses to patch Word 97 for either
  Alex's exploit or my exploit, the gloves come off.
  ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


  OFFICE DOC MANAGER + PROFESSIONAL WEB BROWSER
  Research-Desk combines Excel, Word, PowerPoint, and a
  research oriented web browser into one super-MDI/tabbed application:
  Create workspaces, save all open docs with one command, search
  across all open documents, save web pages, and much more...
  http://www.winferno.com/p/wow1


  4. MORE SECURITY HEADACHES - GREYMAGIC STRIKES AGAIN
  GreyMagic has found yet another Internet Explorer (5.5 or
  higher) security hole, and this one can be readily
  exploited in Outlook. See
  http://sec.greymagic.com/adv/gm010-ie/ for details about
  "Who Framed Internet Explorer".

  Thor Larholm reports 20 outstanding IE security holes - and
  that's AFTER Internet Explorer 6.0 Service Pack 1, which
  ships with Windows XP Service Pack 1.
  http://pivx.com/larholm/unpatched/

  Every week I get more and more convinced that Office 11's
  new ability to read and write XML files will be a
  horrendous security headache. Jeeez. They can't even keep
  the native binary file format secure. What's going to
  happen when every Tom, Dick & EXE can go in and twiddle a
  Word doc's bits?
  ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

  Get a FREE New Car Quote!
  Save time and money by requesting a free quote today.
  InvoiceDealers will offer you the ABSOLUTE BEST PRICE on a new car,
  truck, van or sport utility vehicle.  Start here and save!
  http://psstt.com/1/c/23071/69019/205856/205856
  <a href="http://psstt.com/1/c/23071/69019/205856/205856"> AOL users click here </a>


  5. AN EVEN BETTER WAY TO SEND MAIL TO A CATEGORY
  In recent issues of WOW I've been talking about various
  ways to send email to an entire Category of entries in your
  Contacts list - the obvious way to manage mailing lists,
  for example.

  WOWser Andy Wright sent me a great alternative: "What I do
  is switch to By Category view, then drag the grey Category
  grouping bar - you know, the one that says "Categories:
  MyMailingList (23 items)" - and drop it onto the Inbox or
  any other mail folder. It creates a new message addressed
  to everyone in that category.

  I do this in preference to using the PAB PDLs because it's
  dynamic - I add someone to the category, they're in the
  list. Done. The email addresses are all in the To: line of
  the message - if I want to miss a couple of people out of
  this mailing, I can, by simply deleting their names. It
  also leads to simpler list maintenance - I find it easier
  to look at a Contact and think "What lists should this
  person be on?" than to look at a list and think "Which
  people should be in this list?" but I guess that's just the
  way I think.
  ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



  6. SCHEDULING OUTLOOK TASKS
  Here's a neat utility that does just what I want - and no more.

  Don't know about you, but I have about a zillion tasks that
  stare at me every morning. It's hard to keep track of them
  all. Outlook doesn't help much. But a utility called
  Taskline (http://www.taskline.info/ ) gives me a bunch of
  tools for organizing and managing them.

  It's cool. Not a full-fledged project management package.
  Just a little companion that lets me assign start and
  finish dates, works around my calendar entries, and helps
  me keep on top of deadlines - the bane of the scribbling
  class.

  Shareware priced at $50, with a 30 day trial period. Check
  it out.


  ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  7. KEEP WOW ALIVE AND FREE
  If you like the no-nonsense style you see in this
  newsletter - the straight scoop, whether Microsoft likes it
  or not, dished out in a way that won't put you to sleep -
  get one of my books!

  "Windows XP All-In-One Desk Reference For Dummies", Hungry Minds
       http://www.woodyswatch.com/l.asp?0764515489

  "Special Edition Using Microsoft Office XP" with Ed Bott, Que
       http://www.woodyswatch.com/l.asp?0789725134

  "Special Edition Using Microsoft Office 2000" with Ed Bott, Que
       http://www.woodyswatch.com/l.asp?0789718421

  "Woody Leonhard Teaches Office 2000", Que
       http://www.woodyswatch.com/l.asp?0789718715

  ADMINISTRIVIA
  If you want to know about subscribing, unsubscribing,
  changing your address, making comments, distributing copies
  of WOW - or you want to read about how we protect your
  privacy, or any of the usual legal mumbo-jumbo, please hop
  over to your very own personalized WOW page at
  http://woodyswatch.com/info.asp?wow=genegaines@earthlink.net

  This copy of WOW was originally sent to genegaines@earthlink.net

  ADVERTISING
  You, too, can reach the largest group of influential Office
  users on the planet for a mere pittance... send a message
  to Jan mailto:ads@woodyswatch.com and our ad folks will
  send you details.

  Woody's Watch happily uses Dundee Internet for all web &
  list hosting http://www.dundee.net/isp/default.asp

  Woody's OFFICE Watch
  Copyright 2002 by Peter Deegan. All rights reserved. ISSN 1328-1674.

      ======================================================
               W-O-O-D-Y-S--O-F-F-I-C-E--W-A-T-C-H


==============End of original message text===========

-- 
Gene 
gene.gaines@gainesgroup.com