Information from the properties of a Word document (on the File
menu, click Properties
) is not encrypted and can be read if a password-protected file is opened using a text editor (for example, Notepad).
The contents of the following fields of the document properties are included in the file data stream and are not encrypted with the document text:
or any other custom field and value you add to the Custom tab.
Any text, value, or path information that is entered into any of the above listed fields appears when a password-protected file is opened in a text editor.
The most severe security issues are the result of Word automatically
populating three of these fields without user intervention.
- The first 125 characters of the first paragraph are automatically included as the title if no information has been manually entered.
- The author's name is entered from the User Information tab (on the Tools menu, click Options).
- The company name from the installation is automatically entered.
On the File
menu, point to Properties
and click the Summary
tab. Clear any
fields that would cause security concerns for the document. Repeat these steps for the Custom
Microsoft has confirmed that this is a problem in the Microsoft products that are listed at the beginning of this article.