Microsoft Word 2003 and 2002 contain a protection-bypass vulnerability. By following the simple process outlined below, a user can unprotect a protected document without using a password cracker or other special tools. :(
This bug was discovered by Thorsten Delbrouck.
To see the bug for yourself, follow the demonstration below!!
1.) Open a protected document in Word.
2.) Choose the Save As Web Page (*.htm; *.html) option and close Word.
3.) Open the HTML document in any text editor.
4.) Search for the <w:UnprotectPassword> tag, on a line that looks like: <w:UnprotectPassword>ABCDEF01</w:UnprotectPassword>. Note the password.
5.) Open the original .doc document with any hex editor.
6.) Search for the hex values of the password (in reverse order).
7.) Overwrite all four double-bytes with 0x00. Save, and close.
8.) Open the document in Word. Select Tools, Unprotect Document. Password is blank.
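
The leak in step 4 can be audited for: the following is an added example, not part of the original advisory, that scans "Save As Web Page" exports for a populated <w:UnprotectPassword> tag and reports where it occurs without copying the value. The sample HTML and file names are constructed, and the <w:WordDocument> wrapper around the tag is an assumption about the export layout.

```python
import re

# Tag named in step 4; Word writes it into "Save As Web Page" output.
TAG_RE = re.compile(
    r"<w:UnprotectPassword>\s*([^<]*?)\s*</w:UnprotectPassword>",
    re.IGNORECASE,
)

# Constructed sample input, shaped like the line quoted in step 4.
SAMPLE_EXPORT = """<html><head><xml>
 <w:WordDocument>
  <w:UnprotectPassword>ABCDEF01</w:UnprotectPassword>
 </w:WordDocument>
</xml></head><body><p>Form text</p></body></html>
"""
SAMPLE_CLEAN = "<html><body><p>No protection data here</p></body></html>\n"


def find_exposed_tags(html):
    """Return (line_number, value_length) for each populated tag.

    The value itself is never returned, so audit reports do not copy it.
    """
    findings = []
    for match in TAG_RE.finditer(html):
        value = match.group(1)
        if value:  # an empty element carries nothing to leak
            line_number = html.count("\n", 0, match.start()) + 1
            findings.append((line_number, len(value)))
    return findings


def audit(exports):
    """Map each file name to its findings, skipping files without any."""
    report = {}
    for name, html in exports.items():
        hits = find_exposed_tags(html)
        if hits:
            report[name] = hits
    return report


if __name__ == "__main__":
    files = {"form.htm": SAMPLE_EXPORT, "plain.htm": SAMPLE_CLEAN}
    for name, hits in audit(files).items():
        for line_number, length in hits:
            print(f"{name}:{line_number}: UnprotectPassword exposed ({length} chars)")
```

Any file this flags was exported from a protected document and should be handled as if the protection could be removed by whoever can read it.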