'Microsoft', 'security flaw', make your own headline

Microsoft has warned that a security flaw in Word could allow a document to hijack files from any Windows PC on which it's opened, the software giant warned on Thursday.

A would-be thief would have to take extraordinary care in setting up the scenario, however, including knowing the exact location and name of the desired file as well as persuading the victim to open, modify, save and then return the Word document to the sender.

The scheme works best under Word 97, but Word 2000 and 2002 could also be conscripted into service if the attacker can persuade a victim to print the document first, a Microsoft spokesperson said.

"The Microsoft Security Response Center is thoroughly investigating this issue, just as we do every report we receive of security vulnerabilities affecting Microsoft products," the spokesman wrote in an email statement. "When the investigation is completed, we will take the action that best serves Microsoft's customers."

Details of the flaw were first published on 26 August to the popular Bugtraq security list, a service hosted by SecurityFocus, a subsidiary of Symantec.

The attack uses the INCLUDETEXT field, one of the many hidden fields embedded in Word documents, to copy text into a document opened on another computer. The file can be hidden by using a small white font to make the appended text nearly invisible.

Microsoft could give no schedule for when a patch may be released. The only way to prevent a file from being stolen is to manually check the fields, accessible in the document's properties.

Robert Lemos writes for News.com

Want to read more about Microsoft security problems?
Microsoft plans SQL security overhaul
http://www.silicon.com/a55488
Microsoft owns up to "critical" SQL hole
http://www.silicon.com/a54802
Microsoft warns of further IIS server flaws
http://www.silicon.com/a53944
Microsoft patches .Net
http://www.silicon.com/a53817
Internet Explorer hole uncovered
http://www.silicon.com/a53765