Microsoft has acknowledged a security vulnerability in its Office application suite that can potentially reveal sensitive data residing on a user's computer.
The bug reveals information that resides in a user's RAM and memory buffers -- such as user IDs and passwords -- when users save Microsoft Word, Excel, and PowerPoint documents. To access the potentially sensitive information contained inside a document, a user simply has to open the file using a text-editing program such as BBEdit or Windows Notepad.
"I've received numerous emails confirming it in Windows," programmer Mike Morton said last week. Morton, of the ecommerce company DXStorm, recently reported his own experience with the bug to the BugTraq mailing list, which issued an alert last week.
Microsoft (MSFT) has said the bug affects users of Excel 7.0, PowerPoint 7.0, and Word 6.0 and 7.0 on the Windows 95 platform. The bug may be of particular interest to users who attach Office documents in emails, which could reveal the potentially sensitive information to all recipients of the attached document.
Microsoft has released a patch for the bug, which is described as an "OLE Update for Windows 95." The software giant could not be reached for comment on Monday.
"Due to the way Microsoft Excel, Microsoft PowerPoint, and Microsoft Word for Windows use OLE for file storage, documents created in these programs may contain extraneous data from previously deleted files," the Microsoft site reads. "This extraneous data is not visible within the document and does not affect your ability to use these programs normally. However, it is possible that legible portions of previously deleted files may be viewable if you examine these document files using Notepad or file-utility software."
The situation could pose security and privacy concerns when these documents are handled electronically, the alert says.
The type of information revealed in Office documents could include the text of telnet sessions when user IDs and passwords are entered to access remote services, the contents of disk directory paths, and the URLs of visited Web sites. So far, Morton said he hasn't discovered common textual information, such as email content or other sensitive communciations. But he doesn't rule that out, either.
Morton said that in analyzing some of the information contained in his company's documents, the information found there -- even in new documents -- looks to be as much as a month old. This suggests that the filler data may even be taken from dormant sections of the hard disk. But mostly he's seen evidence that it comes from memory spaces.
"It looks like [Word] uses a chunk of buffer or RAM memory just to fill out the minimum-size requirements of the document," Morton said. "So pretty much anything that's residing in your memory it's grabbing it and dumping it into the document."
Morton said his company will suspend using Microsoft applications to provide materials to its customers until it has resolved the problem.
The bug does not affect Microsoft Windows NT users, but does affect Word 98 for the MacOS, and no patch for that has been made available.
