Microsoft Word bugs users

A 'hidden feature' of Microsoft Word turns it into a Trojan horse network security nightmare, according to a US privacy organisation.

Richard Smith, chief technology officer at The Privacy Foundation, said that Word documents can include an invisible marker with a link to an image file on a remote web server. Once the file is opened, it sends a signal back to the document's creator with the IP address of the recipient's computer. If combined with a cookie in the Word document, it could be used to gather data on the recipient.

The process repeats itself if the document is forwarded, so a user could track the movement of a file sent as a mail attachment.

Smith said the bug was a product of desktop applications merging with the internet. "The use of web bugs in Word does point to a more general problem. Any file format that supports automatic linking could lead to the same problem. Software engineers should take this privacy issue into consideration when designing file formats," he said.

Two years ago, it was found that code embedded in Word documents could let files be traced to the original author.

The only way to squash the bug is to remove Word's ability to link to web images. However, if this feature is widely used within an enterprise it may not be practical to take such a step.

Cookies should be disabled inside Word documents and by default when Internet Explorer is used inside other applications.

Managers concerned about the security of their network can use programs such as ZoneAlarm from www.zonelabs.com to warn about web bugs in Word documents.

Microsoft was unable to comment on the situation.

First published in Network News