  1. #1
    New Lounger
    Join Date
    Aug 2002
    Location
    San Diego, California, USA
    Posts
    9
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Document Collaboration Spyware - Wordmail? (Word in Outlook - all versions

    I've been following the Document Collaboration Spyware issue in WOW, but I don't see any indication if anyone has tested Wordmail (using Word as your e-mail editor in Outlook). If "bad guy" uses Wordmail to send a message to "victim" with this exploit, and if victim is also using Wordmail, victim only has to reply to the original message to send bad guy any file on victim's computer.

    I have not tested this scenario to see if it actually works, but if someone can confirm it, it would seem to be even more dangerous than the current versions of the exploit.

  2. #2
    Super Moderator jscher2000's Avatar
    Join Date
    Feb 2001
    Location
    Silicon Valley, USA
    Posts
    23,112
    Thanks
    5
    Thanked 93 Times in 89 Posts

    Re: Document Collaboration Spyware - Wordmail? (Word in Outlook - all vers

    I experimented with this a bit just now. If the reply is Plain Text, nothing unexpected is included. In RTF, I could not determine what was in the file (toggling fields wasn't very revealing).

    In HTML, the spy field sends, receives, and is preserved by Word on reply. However, the INCLUDETEXT field appears to be disabled. Attempts to refresh the field with F9 generate a warning message in the Status bar that not all the fields could be updated, and the field result, when removed from the outer IF field, is Error! Cannot open file. This may be related to the recent patch that closed the ActiveX/Scripting exploit, and might differ from the standard, out-of-the-box behavior of WordMail in Office 2000.

    Other experiments probably should be conducted.
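
Added example, not part of any post in this thread: post #2 notes that toggling fields in the RTF reply was not very revealing, so this Python scanner lists every field instruction in an RTF body that has been saved as text and flags INCLUDETEXT, including when it is nested inside an IF field. The function names, the `FILE_FIELDS` set and the sample RTF with its placeholder path are assumptions constructed for illustration.

```python
import re

# Assumption: field names whose job is to pull in an external file. The thread
# only discusses INCLUDETEXT; extend the set to match your own policy.
FILE_FIELDS = {"INCLUDETEXT"}

# RTF control word, hex escape (\'hh), or control symbol such as \* \{ \} \\
CTRL = re.compile(r"\\([A-Za-z]+)(-?\d+)? ?|\\'[0-9A-Fa-f]{2}|\\(.)", re.S)
WORD = re.compile(r"[A-Za-z]+")

def scan_fields(rtf):
    """Return [(FIELD_NAME, (enclosing field names, ...))] per \\fldinst group."""
    depth, i, open_fields, found = 0, 0, [], []
    while i < len(rtf):
        ch = rtf[i]
        m = CTRL.match(rtf, i) if ch == "\\" else None
        if m:
            if m.group(1) == "fldinst":      # instruction group opened at this depth
                open_fields.append([depth, None])
            i = m.end()
            continue
        if ch == "{":
            depth += 1
        elif ch == "}":
            depth -= 1
            if open_fields and depth < open_fields[-1][0]:
                open_fields.pop()            # that \fldinst group just closed
        elif open_fields and open_fields[-1][1] is None and (w := WORD.match(rtf, i)):
            name = w.group().upper()         # first bare word is the field name
            open_fields[-1][1] = name
            found.append((name, tuple(f[1] for f in open_fields[:-1])))
            i = w.end()
            continue
        i += 1
    return found

def file_reading_fields(rtf):
    """Only the fields that would read a file, with the fields that wrap them."""
    return [f for f in scan_fields(rtf) if f[0] in FILE_FIELDS]

# Constructed sample: a harmless DATE field, then INCLUDETEXT inside an IF field.
SAMPLE_RTF = r'''{\rtf1\ansi Thanks for the draft.
{\field{\*\fldinst { DATE }}{\fldrslt 27-Sep-02}}
{\field{\*\fldinst { IF {\field{\*\fldinst { INCLUDETEXT "C:\\\\PLACEHOLDER\\\\file.txt" }}{\fldrslt }} = "" "" "" }}{\fldrslt }}
}'''

if __name__ == "__main__":
    for name, parents in file_reading_fields(SAMPLE_RTF):
        print(name, "nested in", " > ".join(parents) or "(top level)")
```

The second element of each result shows the wrapping fields, so an INCLUDETEXT hidden inside an outer IF is reported with `("IF",)` rather than being missed because its result is not displayed.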

  3. #3
    3 Star Lounger Woody's Avatar
    Join Date
    Jan 2001
    Location
    Nashville, Tennessee
    Posts
    358
    Thanks
    1
    Thanked 644 Times in 4 Posts

    Re: Document Collaboration Spyware - Wordmail? (Word in Outlook - all vers

    My tests came up the same as JScher's - but I'm using Office XP SP-2.

    It's not at all clear to me that a spy field would survive the round trip. And automatic updating doesn't seem to "fire" the same way in WordMail as it does in Word.
    Woody

    For Dummies book author, Senior Contributing Editor for InfoWorld, and long-suffering Windows victim. Check out the latest at AskWoody.com.

  4. #4
    Lounger
    Join Date
    Jun 2001
    Location
    Burlington, Ontario, Canada
    Posts
    38
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: Document Collaboration Spyware - Wordmail? (Word in Outlook - all vers

    (Edited by gwhitfield on 27-Sep-02 06:52. Hyperlinks added)

    I believe there still might be an "in" with the field codes with regards to Outlook. Microsoft has documented why wordmail does not document changes to a document sent via Outlook.
    Since this spyware was originally triggered by the notion of making changes to a document and returning it, I would assume that if the fields could be updated by tracking changes, it might work.

    Here is the address to the Microsoft KBA: http://www.wopr.com/cgi-bin/w3t/showthread...l?Number=181427
    It would necessitate both users having Wordmail and the sender and possibly the recipient having - "Track changes while editing" selected from the Tools menu.
    Assuming that this has now been done, then the Wordmail document could track any changes made to the document, thereby having the fields being updated and at the same time, update the nefarious "includetext" field and snagging a document. That's my theory anyway.

    Alas, I can not experiment any further as I have no Wordmail option with my Outlook.

    One further question to this melee - I have seen some web-sites with a survey/entry form in Word format on their site. If set up as a survey, with input fields, and with that lovely Office interchange set up in IE, could a user, when filling out the survey online be passing more than a few answers back? Of course it relies on the end user knowing the file name and path to documents, but can a file be snatched this way too? Just curious.

  5. #5
    New Lounger
    Join Date
    Aug 2002
    Location
    San Diego, California, USA
    Posts
    9
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: Document Collaboration Spyware - Wordmail? (Word in Outlook - all vers

    The link you included does not go to the Microsoft KB, it goes back to my original post.

  6. #6
    Lounger
    Join Date
    Jun 2001
    Location
    Burlington, Ontario, Canada
    Posts
    38
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: Document Collaboration Spyware - Wordmail? (Word in Outlook - all vers

    My apologies. I forgot Office 97 can only hold 1 clipboard item.

    The link to the KBA is: http://support.microsoft.com/default.aspx?...B;EN-US;q164337

    Edited: <!t><!/t> and <!t><!/t> tags added around the URL to make the link live. -Mod.
