Security issue from within Word?

KeithM

We have found that if a word document contains embedded hyperlinks it is
possible to circumvent security.

For example we have a system where users have their local drive locked down
and have to store any documents on mapped networked drives.
1. The user opens a Word document on one of his mapped drives and that
document contains a hyperlink
2. The user right clicks on a hyperlink and clicks 'edit hyperlink'
3. The user can then type in the 'address' field of the dialog
"C:\hiddendocument.doc" and ok the dialog
4. The user then Ctrl-clicks on the edited hyperlink and the document from
the local drive will then open in Word.

At step 3 the user can also type in the name of his network domain
controller server, for example \\BALOO and then when he clicks the
hyperlink, a browse window comes up allowing browsing around the server.

I have tried various measures from within a COM AddIn I have but to no
avail.
Is there any way to turn the editing of hyperlinks off, perhaps from within
our COM AddIn?



Thanks
 
Peter Huang [MSFT]

Hi Keith,

I think the key point is how did you lock down the locked down.
Based on my test, e.g. we have a hyperlink to \\Server\ABC, if I did not
have the permission to access that, even if I can edit the link, when I
Ctrl+Click the hyperlink, I will get the error that I did not have
permission for that resource. In other words, the customer also may input
the path in Run window to open it directly.

If you have any concern, please feel free to let me know.

Best regards,

Peter Huang

Microsoft Online Community Support
==================================================
When responding to posts, please "Reply to Group" via your newsreader so
that others may learn and benefit from your issue.
==================================================
This posting is provided "AS IS" with no warranties, and confers no rights.
 
Peter Huang [MSFT]

Hi Keith,

Thanks for your quick reply!
I look forward to hearing from you when you are back.


Best regards,

Peter Huang

Microsoft Online Community Support
 
KeithM

Hi Peter

I've checked with our 'system' guys here and summarise the scenario here.

The users are blocked from accessing the local 'C' drive but not by denying
them read access to the drive.
Instead the connection or mapping to their local drive is removed during
their logon process so they can only see their network drives.
However, their applications that they run, run off the local drive and some
of them use this drive for application specific files.
This is why the system guys cannot simply deny the users access to the local
drive because it causes the applications to then stop working correctly.

It is my plan now perhaps to use my COM addin to cycle through the document
looking for hyperlink fields.
If I find any I am hoping I can swap them for our own user defined field and
set an OnClick Handler that is in my AddIn.
Then when a user clicks on the field, I can trap it and then launch IE using
the stored address.

Do you think this is feasible?

Thanks
 
Peter Huang [MSFT]

Hi Keith,

I understand your scenario that the End Users are blocked by using the group
policy.
e.g. They will not see the My Computer, C: or even the Run Dialog.
But they actually have the NTFS permission to access the C: drive.

For your solution I still have two possible risks although I will perform
some research to see if that can be done via Addin later.
1. If the Customer uses the Menu File/Open, he will see the File Dialog,
then if we hard code the path e.g. C:\test.txt, will the file be opened?
2. Based on my understanding, the End User should have the option to disable
the COM Addin with COMAddin menu button, if once they disabled the Addin,
the code will not work again.

What is your comment?

Thanks!

Best regards,

Peter Huang

Microsoft Online Community Support
 
Peter Huang [MSFT]

Hi Keith,

Based on my research, Word Object Model did not expose such an event about
HyperLink and On_Click similar event.
So far I think it would be better to implement your scenario with NTFS file
permission.
I understand that the User may need to access to certain file, e.g. the
Winword.exe, I think we can deny him access to the other files.

Also in NTFS file permission, if we use the Advanced feature there will be
a special permission setting Traverse Folder/Execute File.
1. Right click on a file/folder and open the properties page
2. Select Security
3. Select the Account/Group
4. Click Advanced
5. Click Permission
6. Select the User/group, click edit
7. There will be a special permission Traverse Folder/Execute File.

For detailed information please contact the System Administrator for NTFS
permission setting.

If you have any concern, please feel free to let me know.

Best regards,

Peter Huang

Microsoft Online Community Support
==================================================
When responding to posts, please "Reply to Group" via your newsreader so
that others may learn and benefit from your issue.
==================================================
This posting is provided "AS IS" with no warranties, and confers no rights.
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Top