- #How to open microsoft word file location how to#
- #How to open microsoft word file location download#
#How to open microsoft word file location download#
The following screenshot illustrates the “Link to File” option and illustrates the download URL that we want.Īfter clicking “Link to File”, Word fetches it from the webserver as seen from our linux python HTTP server:Īfter the image is pulled down from the website, it displays in the Word document: Instead of a normal filename, provide the HTTP URL that will download the image, including the tracking information appended to it (i.e., this is where you “personalize” the image link). Now in Microsoft Word, insert the tracking image using the “Link to File” option. On a linux virtual machine, I’ll place an image (seen below as “skull-crossbones.png”) in a file directory, then use python’s built in HTTP server to serve it up: In our web tracker example, we’ll see that nothing happens until the user clicks the Microsoft Word “Enable Editing” button, and at that time the tracking image is fetched with the tracker information embedded in the URL.įirst I’ll setup a very simple web server to serve up my test tracker images.
When you click on an ad, the ad server knows who you are by information added to the URL of the ad. This is essentially the same mechanism used by personalized ads on websites. The author could use “12345” for one target, and maybe “23456” for a different target. The key part of the URL is the “trackerID=12345”. For instance, the URL used to reference the remote image might be “”. The URL used to fetch the image will have a specific identifier in it that the author uses to correlate the image retrieval with the specific target. The author will embed a small image (typically one pixel) that will be remotely loaded from the author’s website. We’ll start by constructing a simple web tracker – the most common abuse of the network resource feature.Ī web tracker is typically used when an author wants to know if a Word document is opened by a specific person or organization. Let’s now demonstrate how Word protects the user through three different attack scenarios, and by association we’ll see what can happen when a user prematurely clicks on the “Enable Editing” button. Unfortunately, this also trains the user to click the “Enable Editing” button if he or she simply wants to view the complete document, and it is at that moment that a potential attack can succeed. When the user clicks the “Enable Editing” button, Word will assume that the user trusts the document and it proceeds to load all of the external resources required to display the document in the “normal” edit mode.
For instance, the following screenshot illustrates what the document looks like if an external image is not fetched: This often means that the document will look incomplete, because the user is only able to see a preview of the document without any of the content that is linked to a network location. When Word opens a document in Protected View, it renders a read-only view of the document using only data contained in the document itself – it does not attempt to load any resources not actually found in the file. In this blog post, I will demonstrate three different attacks that are stopped by Protected View. Microsoft Word, as an example, will open untrusted email attachments in a mode called “ Protected View“.
#How to open microsoft word file location how to#
Someone engaging in spear phishing could employ Word-based web trackers to learn more about the type of desktop computer and operating system a target is using, helping the spear phisher tune his or her strategy for further attack. To reduce the risk of this exposure, Microsoft Office applications like Outlook, Word and Excel use a trust model to determine how to handle documents that are downloaded from the internet or which arrive via email. Unfortunately, these features can be abused by bad actors to obtain operational intelligence on individuals, or even to steal credentials. This is a great feature within corporate environments because it facilitates the reuse of assets like logos and corporate document templates. Microsoft Word has long offered support for loading images and templates over the network.
0 kommentar(er)
