Microsoft Office Word and Excel applications are reported prone to a security vulnerability. It is reported that the functionality that provides for password protecting confidential documents is flawed; specifically the RC4 stream cipher that is employed to obfuscate protected documents is implemented incorrectly. An attacker that can retrieve an original encrypted document and subsequent encrypted modifications of said document may employ cryptanalysis techniques to potentially reveal portions of the target document. Information gathered by exploiting this vulnerability may be used to aid in further attacks launched against a target victim.
Microsoft Office Word and Excel applications are reported prone to a security vulnerability. It is reported that the functionality that provides for password protecting confidential documents is flawed; specifically the RC4 stream cipher that is employed to obfuscate protected documents is implemented incorrectly. An attacker that can retrieve an original encrypted document and subsequent encrypted modifications of said document may employ cryptanalysis techniques to potentially reveal portions of the target document. Information gathered by exploiting this vulnerability may be used to aid in further attacks launched against a target victim.