The problem relates to the way Microsoft implements the 128-bit RC4 encryption algorithm when re-saving documents after their initial creation. In this situation it appears that the programs use the same password key and initialization vectors to encrypt different versions of the same document. Normally where the same password key is being used, different vectors should be used. MS Office encryption flaw uncovered |