"Web Bugs" in Microsoft Word

This vulnerability was initially discovered in 2000 by Richard M. Smith. It received some press coverage at the time, but the threat was downplayed because nobody was known to be exploiting it at the time. In the four years since then, Microsoft has released two new versions of Office but has yet to correct the problem . Meanwhile, at least one commercial service has sprung up to help users exploit the flaw for surreptitious tracking.

I have written a program (available below) to scan for these bugs in Word documents and remove them. Unfortunately, the vulnerability in Word can be extended to any application that supports OLE, including Excel and PowerPoint, by embedding the tracking bugs as Word OLE objects. Since each application uses a different format for writing OLE data to disk, it would be very difficult to write a general-purpose scanner.

Related files:

• TrackerRemover.doc - Word tracking bug scanner/remover  [Screen shot]
  This program will scan for web bugs in a single Word document or a whole directory tree. If the program finds potential bugs it will ask whether you want to remove them.

• TrackingExample.doc - Example Word tracking bug  (Privacy warning: This file contains a web bug.)
  This file contains an example of a web bug embedded in a Word document. Whenever you open this file, Word will make an HTTP request to my server, revealing your IP address and other information about your system.