Specially Crafted RTF Files Could Allow Remote Code Execution When Opened With Microsoft Word

Microsoft has #-Link-Snipped-# warning Microsoft Office users about a vulnerability in Microsoft Word which potentially allows attackers to remotely execute malicious code via a specially crafted Rich Text Format (RTF) file. The “Word RTF Memory Corruption Vulnerability” was first discovered by Drew Hintz, Shane Huntley, and Matty Pellegrino of the Google Security Team who then posted their findings to Microsoft. According to their reports, this vulnerability affects users who open the specially crafted RTF file using an affected version of Microsoft Word or preview the file on Microsoft Outlook (Microsoft Word is the default file viewer for RTF files). When Microsoft Word parses the RTF file, it causes the system memory to become corrupted in such a manner that an attacker is then free to execute arbitrary code, one of which is gaining the same user rights as that of user. Currently several versions of Word such as Word 2003, 2007, 2010 and 2013 along with Microsoft Office for Mac 2011 and multiple versions of Microsoft SharePoint Server are vulnerable to this attack.


While Microsoft has not exactly stated why these attacks are being carried out or by whom, #-Link-Snipped-# has deducted that that these attacks are not random large scale attacks but are meant for specific individuals or institutions since Mircosoft has used the term “targeted attacks” in its advisory. Microsoft says that they are currently investigating this situation and will be releasing a fix during its monthly security patches or an out-of-cycle security update. For the meanwhile it has advised users to download and apply the #-Link-Snipped-# which disables RTF content from opening in Microsoft Word.