Home » Black Hat » Zero Day vulnerability found in MS-Word

Zero Day vulnerability found in MS-Word

A zero day vulnerability (Remote code execution or RCE) has been found in Microsoft Word that makes possible for attackers to remotely seize access and controls of remote computers. This was reported by Drew Hintz, Shane Huntley, and Matty Pellegrino of the Google security team. Refer to Microsoft official security advisory page (CVE-2014-1761) for more information on this vulnerability.

This vulnerability can be exploited if a user opens a special crafted RTF (Rich Text Format) file using Microsoft Word 2010, or previews or open the RTF file using Microsoft Outlook with MS-Word as document viewer, causing system memory to become corrupted in such a way that an attacker could execute arbitrary code. As Microsoft stated the following,

At this time, we are aware of limited, targeted attacks directed at Microsoft Word 2010. The vulnerability could allow remote code execution if a user opens a specially crafted RTF file using an affected version of Microsoft Word or previews or opens a specially crafted RTF e-mail message in Microsoft Outlook while using Microsoft Word as the e-mail viewer.

This attack works against older version of Microsoft Word, including 2003, 2007, and 2013 for Windows, Microsoft Office for Mac 2011, and multiple versions of Microsoft SharePoint Server.

Once the vulnerability is exploited, it allows the attacker to get the same user rights and priviliges as the victim of this exploit. Microsoft has given a temporary fix which will configure Microsoft Office to prevent opening of RTF files in affected versions of Microsoft Word. However, there is no permanent fix for it is yet issued.

About Ashish Srivastava

Leave a Reply

Your email address will not be published. Required fields are marked *

*