[Security] 強制移除 Excel (xlsx) 保護密碼

Microsoft Office 從 2000 後, 改了用XML 格式儲存, 雖然用了Office Open XML 格式進行儲存, 但其實資安上卻產生了因此而出現的漏洞. Office Open XML 是Microsoft 的文件檔案格式, 其實做法類似 JAR, 將有關的 xml 檔打包, 當中write protected 的密碼設定, 就在其中. 在此示範如何移除相關設定.

  1. 打開Write-Protect 的 sheet XML 檔.
    利用壓宿軟件(e.g. WinRAR, 7-zip)打開xlsx 檔, 利用文字編輯軟件打開 \xl\<<SHEET_NAME>>.xml;
  2. 移除write-protect 的mark-up.
    在編輯軟件中, 找出<sheetProtection password=… />的mark-up, 並移除. 之後儲存.
     
  3.  測試是否達標.
    開啟Excel, 嘗試修改Write-protect 的area, 若可以輸入, 代表測試成功.  
About C.H. Ling 262 Articles
a .net / Java developer from Hong Kong and currently located in United Kingdom. Thanks for Google because it solve many technical problems so I build this blog as return. Besides coding and trying advance technology, hiking and traveling is other favorite to me, so I will write down something what I see and what I feel during it. Happy reading!!!

Be the first to comment

Leave a Reply

Your email address will not be published.


*


This site uses Akismet to reduce spam. Learn how your comment data is processed.