A security hole affecting old copies of some Microsoft Office applications may have left a legacy of data leaks with the potential to reveal sensitive information and weaken security on government and commercial Web sites around the world.
The Google search engine reports that there are over half a million Microsoft Word .doc files available for download from various Web sites. Of these, a small but significant percentage have been created using versions of the software known to create "leaky" documents.
First discovered in 1998, the bug causes random fragments of data from previously deleted files to be included in areas of a document that are otherwise unused. This random data can contain anything that might have once been stored on the creator's computer, including passwords, sections of other documents and correspondence. Anyone downloading affected documents and browsing them with a hex editor--a program that allows a user to look at code--can easily view this extra information, although it otherwise remains invisible.
|