Microsoft KB Archive/810580

= Password protected Word documents may be edited if opened by OLE =

Article ID: 810580

Article Last Modified on 4/19/2007

-

APPLIES TO


 * Microsoft Office Word 2007
 * Microsoft Office Word 2003
 * Microsoft Word 2002 Standard Edition
 * Microsoft Word 2000 Standard Edition
 * Microsoft Word 97 Standard Edition

-



SUMMARY
Documents that are created in Word and that use a Modify Password option to prevent editing or saving changes to a document can be opened and modified without the password. This may occur if the document is opened by a client for OLE that uses IOleObject::DoVerb with the Open verb. A user can then edit or save the document without knowing the password.



STATUS
This behavior is by design.



MORE INFORMATION
Word provides a Modify Password option as a non-secure method of preventing accidental modification of a document. To find the Modify Password option, use one of the following techniques:
 * In Microsoft Office Word 2007, click the Microsoft Office Button, click Save As, click Tools, and then click General Options.
 * In Microsoft Office Word 2003 and in earlier versions of Word, click Save As on the File menu, click Tools, and then click Security Options.

The Modify Password option enables a flag that prevents Word from allowing users to edit and to save a document without a password to disable the flag. However, the Modify Password option does not use encryption. Therefore, the Modify Password option can be bypassed by any application that wants to bypass the option. Word grants edit access to an OLE host that requests access.

If you must protect documents from being edited by outside applications or processes, you must provide an Open Password instead. The Open Password option encrypts the file by using the strongest encryption that is available on the computer at the time of the Save. Without strong encryption, you cannot prevent another application from gaining modify access to a document.

