Article 41822 of alt.security:

In comp.security.misc lustiger@att.com wrote:

> I discovered what looks like a major hole in Microsoft Office (95 and 97)
> passworded files.

I'd hardly call it "major" - and its existence should be obvious to anyone
who understands the OLE2 file structures of the documents created by Office.

> While the files are encrypted (and I know that the Office 95 file
> encryption is laughably weak),

It is; for instance see our Word 6/7 cracker

ftp://ftp.complex.is/pub/fdc-101.zip

However, the encryption used by Office 97 is much stronger - RC4. Still not
strong enough for anything you want to keep secret, but definitely beyond
the reach of the average cracker.

> *the file attachments are not.*

Attachments? I think you mean the embedded objects.

> So if you attach a Visio picture or Excel spreadsheet to a passworded
> Word file, they are saved in the clear.

:-). Of course. More exactly, they are saved *elsewhere*. Let me explain.

The products of the Office suite store the data they produce in OLE2 files.
OLE2 is a "file system within a file" - with its own FATs, clusters, root
directory (called "root storage"), subdirectories (called "storages") and
files (called "streams"). It's hierarchical, like a tree.

When you tell Word or Excel to use encryption, the only thing it encrypts is
the *data* stream in the OLE2 file used by the respective application. For
Word documents, this is the WordDocument stream (Word 97 also encrypts the
1Table and 0Table streams). For Excel 5/7 this is the Book stream and for
Excel 97 this is the Workbook stream.

If you embed an object in a file created by an Office application, this
results in the creation of a whole subtree of storages and streams in the
OLE2 filesystem of the file. One of the new streams contains either the
object itself (if it is not produced by an Office application), or the data
stream of the object (if it is produced by an Office application). Here is
an example.
If you embed an unencrypted Word document into an encrypted Word document,
the OLE2 filesystem has the following structure:

    -\ (root storage)
     |
     +-CompObj (stream, unencrypted)
     |
     +-ObjectPool (storage)
     | |
     | +-_123456789 (storage)
     |   |
     |   +-Ole (stream, unencrypted)
     |   |
     |   +-PIC (stream, unencrypted)
     |   |
     |   +-META (stream, unencrypted)
     |   |
     |   +-CompObj (stream, unencrypted)
     |   |
     |   +-ObjInfo (stream, unencrypted)
     |   |
     |   +-ObjectPool (storage, empty)
     |   |
     |   +-WordDocument (unencrypted)
     |   |
     |   +-SummaryInformation (stream, unencrypted)
     |
     +-WordDocument (stream, encrypted)
     |
     +-SummaryInformation (stream, unencrypted)

> Any ASCII file viewer can be used to easily verify this.

Or you can use the DFView program from the MSDN CD-ROMs to examine the OLE2
file system and see it as the tree I drew above.

> Needless to say, one can get a lot of information from attachments.

Oh, you can get it from elsewhere too. For instance, the SummaryInformation
streams are not encrypted. Also, the Office 95 products create one
additional stream, called DocumentSummaryInformation. These streams have a
well-documented structure and contain such information as the name of the
user who has created the document, the number of pages/paragraphs/words/
characters in the document, the creation and last saved dates, and many
other things.

Also, since the OLE2 filesystem supports such concepts as "clusters" and
"fragmentation", you can often see leftovers of the plaintext document in
unused clusters - just like you can find them on the unused clusters of a
DOS filesystem after you encrypt a file.

> This problem exists for both Word and Excel, 95 and 97.

It exists for all OLE2-capable Office applications. In fact, it is probably
not limited to Microsoft's products - I suspect that most products which
support OLE2 embedding of objects AND encryption have this kind of problem.
> I e-mailed to secure@microsoft.com and never received a reply besides
> the boilerplate "if we consider this a security problem we'll contact
> you within one business day, otherwise call support."

They won't fix it. They can't fix it. There isn't anything to fix - they
cannot encrypt the whole file, because then the system will become unable
to treat it as an OLE2 file.

> So if you really want to safeguard your MS Office files, use a
> third-party encryption package.

Or encrypt the objects before you embed them into encrypted objects.

Regards,
Vesselin
--
Vesselin Vladimirov Bontchev, not speaking for FRISK Software International,
Postholf 7180, IS-127, Reykjavik, Iceland producers of F-PROT.
e-mail: bontchev@complex.is, tel.: +354-561-7273, fax: +354-561-7274
PGP 2.6.2i key fingerprint: E5 FB 30 0C D4 AA AB 44 E5 F7 C3 18 EA 2B AE 4E
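An added example, not from the post above or from FRISK Software: a small Python audit that decodes an OLE2 directory stream (the standard 128-byte entry layout) and, following the rule the post states, marks which streams the Office password covers and which sit in the clear (the embedded object's subtree, CompObj, SummaryInformation). The directory buffer is constructed inline to mirror the tree above; extracting the real directory stream from a document is assumed to be done separately, and the function names are my own.

```python
import struct

NOSTREAM, STORAGE, STREAM, ROOT = 0xFFFFFFFF, 1, 2, 5
# Per the post, the password covers only these root-level data streams.
ENCRYPTED_AT_ROOT = {"WordDocument", "0Table", "1Table", "Book", "Workbook"}
def pack_entry(name, kind, left=NOSTREAM, right=NOSTREAM, child=NOSTREAM):
    """128-byte OLE2 directory entry (used here only to construct test data)."""
    raw = name.encode("utf-16-le") + b"\x00\x00"  # UTF-16 name, NUL-terminated
    return raw.ljust(64, b"\x00") + struct.pack("<HBBIII16sIQQIQ", len(raw), kind, 1,
        left, right, child, b"\x00" * 16, 0, 0, 0, 0, 0)  # clsid, state, times, sector, size
# Constructed directory mirroring the post's tree: a plain Word document embedded inside a protected one.
SAMPLE_DIRECTORY = b"".join([
    pack_entry("Root Entry", ROOT, child=1),                      # 0
    pack_entry("ObjectPool", STORAGE, left=2, right=3, child=4),  # 1
    pack_entry("CompObj", STREAM),                                # 2
    pack_entry("WordDocument", STREAM),                           # 3  the encrypted one
    pack_entry("_123456789", STORAGE, child=5),                   # 4
    pack_entry("WordDocument", STREAM, right=6),                  # 5  embedded copy
    pack_entry("SummaryInformation", STREAM),                     # 6
])
def parse_directory(buf):
    """Decode each 128-byte entry into (name, kind, left, right, child)."""
    entries = []
    for off in range(0, len(buf) - 127, 128):
        nlen, kind, _c, left, right, child = struct.unpack("<HBBIII", buf[off + 64:off + 80])
        name = buf[off:off + max(min(nlen, 64) - 2, 0)].decode("utf-16-le", "replace")
        entries.append((name, kind, left, right, child))
    return entries
def walk(entries, idx, path="", seen=None):
    """In-order walk of the sibling tree at idx; `seen` stops cyclic links in a malformed file."""
    seen = set() if seen is None else seen
    if idx == NOSTREAM or idx >= len(entries) or idx in seen:
        return
    seen.add(idx)
    name, kind, left, right, child = entries[idx]
    yield from walk(entries, left, path, seen)
    full = f"{path}/{name}"
    yield full, kind
    if kind in (STORAGE, ROOT):
        yield from walk(entries, child, full, seen)
    yield from walk(entries, right, path, seen)
def classify(path, kind):
    """Root-level data streams are under the password; all else is in the clear."""
    if kind != STREAM:
        return "storage"
    return "encrypted" if path.count("/") == 1 and path[1:] in ENCRYPTED_AT_ROOT else "PLAINTEXT"
def audit(directory):
    """Return [(path, status)] for every node under the root storage."""
    entries = parse_directory(directory)
    return [(p, classify(p, k)) for p, k in walk(entries, entries[0][4] if entries else NOSTREAM)]
```

Run `audit(SAMPLE_DIRECTORY)` to see every stream of the embedded document reported as PLAINTEXT while only the root WordDocument is marked encrypted.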