Hack 85 Stop Hidden Fields in Word from Stealing Your Files and Information


Hidden fields in your Word documents can be used to peer into your PC and even grab your files. Here's how to prevent that from happening.

A little-known trick in Word can let malicious users steal your private information and can even allow someone to get access to the files on your PC. It does this by using Word Fields, which are used to insert self-updating information into Word documents, such as page numbers in a header or footer. Some fields, though, can be hidden, and, because you can't see them, you can't tell what they're doing.

One of these hidden fields, IncludeText, is generally useful; it can insert Word documents or Excel spreadsheets into other Word documents. However, the field can also be used maliciously. For example, let's say someone sends you a document, you edit it, and then send it back to the person who sent it to you. If it included a hidden IncludeText field with specific files and their locations on your hard disk, those files on your hard disk could be sent back to the document originator without your knowing it.

There are several ways to solve the problem. One is to install a Microsoft patch that fixes the vulnerability. For more information and to download it, go to http://support.microsoft.com/default.aspx?scid=kb;en-us;329748.

Another way to solve the problem is to download the free Hidden File Detector from http://www.wordsite.com/HiddenFileDetector.html. It adds a new menu item, Detect Hidden Files, to Word's Tools menu. When you choose it from the menu, a dialog box alerts you to any documents that have been inserted into the file by a Word Field that could be functioning as spyware.

You can also try to solve the problem yourself by choosing Edit → Links to see if there are links in your document to files. (If there are none, the Links option will be grayed out.) If you find them, delete them, and the problem should be fixed.

9.7.1 See Also

  • [Hack #33]

  • [Hack #89]