Hidden fields in your Word documents can be used to peer into your PC and even grab your files. Here’s how to prevent that from happening.

A little-known trick in Word can let malicious users steal your private information and can even allow someone to get access to the files on your PC. It does this by using Word Fields, which are used to insert self-updating information into Word documents, such as page numbers in a header or footer. Some fields, though, can be hidden, and, because you can’t see them, you can’t tell what they’re doing.

One of these hidden fields, IncludeText, is generally useful; it can insert Word documents or Excel spreadsheets into other Word documents. However, the field can also be used maliciously. For example, let’s say someone sends you a document, you edit it, and then send it back to the person who sent it to you. If it included a hidden IncludeText field with specific files and their locations on your hard disk, those files on your hard disk could be sent back to the document originator without your knowing it.

There are several ways to solve the problem. One is to install a Microsoft patch that fixes the vulnerability. For more information and to download it, go to http://support.microsoft.com/default.aspx?scid=kb;en-us;329748.

Another way to solve the problem is to download the free Hidden File Detector from http://www.wordsite.com/HiddenFileDetector.html. It adds a new menu item, ...