Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Microsoft announces vulnerability when viewing RTF documents in Word


  • Please log in to reply
No replies to this topic

#1 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,593 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:09:07 PM

Posted 25 March 2014 - 03:19 PM

Microsoft yesterday announced a new vulnerability in Word where specially crafted RTF files could cause your computer to execute commands without your permission. Microsoft Security Advisory (2953095) explains how attackers are currently using this vulnerability to execute commands on computers that open these types of RTF documents. This vulnerability also exists in Outlook if it is configured to use Word as its email viewer.

The advisory states:

Microsoft is aware of a vulnerability affecting supported versions of Microsoft Word. At this time, we are aware of limited, targeted attacks directed at Microsoft Word 2010. The vulnerability could allow remote code execution if a user opens a specially crafted RTF file using an affected version of Microsoft Word, or previews or opens a specially crafted RTF email message in Microsoft Outlook while using Microsoft Word as the email viewer. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user.


At this point there is no patch available, but Microsoft has released a Fixit that can be used to disable the opening of RTF content in Word. This fixit should be used by all users of Word until an official patch is released.


BC AdBot (Login to Remove)

 





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users