Comments From: Aleph One 

[ This is a wonderful example of the press at work. I was contacted by
  a wired staff member last week about this story. Sorry, I don't recall
  if it was Chris or someone else. At that time they wanted to talk to
  me and get a quote. They wanted to go to press as soon as possible.
  I told them I was still looking into the matter and if he could call me
  back in five minutes. He agreed. I knew I had seen this problem before
  but could not remember where. I looked in the bugtraq archives and could
  find nothing. I probably saw it while I was subscribed to cypherpunks a
  long time ago. In any case, I searched the MS KB and found the article
  talking about the OLE fix. Five minutes later I got a call from the same
  reporter and I explained to him there was a fix for the problem
  available for several months. Whats more the fix had been included in 
  the Windows 95 SP1 so most new version of Win95 should be safe. After
  being informed of this the reporter decided he no longer had a story and
  would simply file the information someplace. Now is a few days later and
  we got this article from wired. There is no mention to the fact that SP1
  includes the fix. There is also no mention to how long the fix is been
  out (months). They said they could not reach MS in time but I know they
  been researching this story for days. In any case the problem does not
  seem to have anything to do with RAM but on the way FAT allocated space
  for files. So much for accurate reporting. - a1 ]

   MS Office Leaks Sensitive Data
   by Chris Oakes 
   6:15pm  29.Jun.98.PDT

   Microsoft has acknowledged a security vulnerability in its Office
   application suite that can potentially reveal sensitive data residing
   on a user's computer.
   The bug reveals information that resides in a user's RAM and memory
   buffers -- such as user IDs and passwords -- when users save Microsoft
   Word, Excel, and PowerPoint documents. To access the potentially
   sensitive information contained inside a document, a user simply has
   to open the file using a text-editing program such as BBEdit or
   Windows Notepad.
   "I've received numerous emails confirming it in Windows," programmer
   Mike Morton said last week. Morton, of the ecommerce company DXStorm,
   recently reported his own experience with the bug to the BugTraq
   mailing list, which issued an alert last week.
   Microsoft (MSFT) says the bug affects users of Excel 7.0,
   PowerPoint 7.0, and Word 6.0 and 7.0 on the Windows 95 platform. The
   bug may be of particular interest to users who attach Office documents
   in emails, which could reveal the potentially sensitive information to
   all recipients of the attached document.
   Microsoft has released a patch for the bug, which is described as
   an "OLE Update for Windows 95."
   "Due to the way Microsoft Excel, Microsoft PowerPoint, and Microsoft
   Word for Windows use OLE for file storage, documents created in these
   programs may contain extraneous data from previously deleted files,"
   the Microsoft site reads. "This extraneous data is not visible within
   the document and does not affect your ability to use these programs
   normally. However, it is possible that legible portions of previously
   deleted files may be viewable if you examine these document files
   using Notepad or file-utility software."
   The situation could pose security and privacy concerns when these
   documents are handled electronically, the alert says.
   The type of information revealed in Office documents could include the
   text of telnet sessions when user IDs and passwords are entered to
   access remote services, the contents of disk directory paths, and the
   URLs of visited Web sites. So far, Morton said he hasn't discovered
   common textual information, such as email content or other sensitive
   communciations. But he doesn't rule that out, either.
   Morton said that in analyzing some of the information contained in his
   company's documents, the information found there -- even in new
   documents -- looks to be as much as a month old. This suggests that
   the filler data may even be taken from dormant sections of the hard
   disk. But mostly he's seen evidence that it comes from memory spaces.
   "It looks like [Word] uses a chunk of buffer or RAM memory just to
   fill out the minimum-size requirements of the document," Morton said.
   "So pretty much anything that's residing in your memory it's grabbing
   it and dumping it into the document."
   Morton said his company will suspend using Microsoft applications to
   provide materials to its customers until it has resolved the problem.
   The bug does not affect Microsoft Windows NT users, but does affect
   Word 98 for the MacOS, and no patch for that has been made available.
   Microsoft could not be reached for comment in time for this story.