Common known flaw with microsoft, and their program recognizing by file extension method, is that if you rename a file (by right clicking the file and hititng rename)blah.doc into blah.html then choosing the program to open it up with, you have got a bypass.
I just tried this with fully-patched Microsoft Word from Office XP. I renamed a test.doc to test.html. I then opened it with Word and the document protection for changes was still enabled.
This is because of their "recognizing by file extension method", and isn't really a "flaw". Their "recognizing by file extension method" actually *prevented* the bypass, not caused it.
I then opened the file with Internet Explorer and it was a bunch of garbage.
Am I missing something?
Brian
-- Brian Eckman Security Analyst OIT Security and Assurance University of Minnesota 612-626-7737
"There are 10 types of people in this world. Those who understand binary and those who don't."
---------------------------------------------------------------------------
Evaluating SSL VPNs' Consider NEOTERIS, chosen as leader by top analysts!
The Gartner Group just put Neoteris in the top of its Magic Quadrant,
while InStat has confirmed Neoteris as the leader in marketshare.
Find out why, and see how you can get plug-n-play secure remote access in
about an hour, with no client, server changes, or ongoing maintenance.
Visit us at: http://www.neoteris.com/promos/sf-6-9.htm
----------------------------------------------------------------------------
