OSVDB ID: 12937 Title: Microsoft Office Encrypted Document RC4 Implementation Weakness |
Info |
|
|
Dates |
||||
|
|
Description |
Office contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when the initialization vector is re-used when encrypting Word and Excel files, which will cause the resulting keystreams to be vulnerable to cryptanalysis resulting in a loss of confidentiality. |
Classification |
Location:
Unknown Location
Attack Type: Cryptographic Impact: Loss of Confidentiality Exploit: Exploit Rumored / Private |
Solution |
Currently, there are no known upgrades, patches, or workarounds available to correct this issue. |
Products |
|
References |
|
Credit |
|
i2r.a-star.edu.sg - Institute for Infocomm Research, Singapore