The Latest in IT Security

New Microsoft Word Zero-Day Used in Targeted Attacks

25
Mar
2014

Vulnerability CVE-2014-1761 in Microsoft Word Could Allow Remote Code Execution, Microsoft Warns

Microsoft warned on Monday of a remote code execution vulnerability (CVE-2014-1761) in Microsoft Word that is being actively exploited in targeted attacks directed at Microsoft Word 2010.

“The vulnerability could allow remote code execution if a user opens a specially crafted RTF file using an affected version of Microsoft Word, or previews or opens a specially crafted RTF email message in Microsoft Outlook while using Microsoft Word as the email viewer,” Microsoft explained in the advisory.

If successfully exploited, an attacker could gain the same user rights as the current user, Microsoft said, noting that users whose accounts are configured to have fewer user rights on the system could be less impacted than accounts with administrative privileges.

Applying the Microsoft Fix it solution, “Disable opening RTF content in Microsoft Word,” prevents the exploitation of this issue through Microsoft Word, Microsoft said.

Specifically, the issue is caused when Microsoft Word parses specially crafted RTF-formatted data causing system memory to become corrupted, giving a potential attacker the ability execute arbitrary code on the affected system.

“In a web-based attack scenario, an attacker could host a website that contains a webpage that contains a specially crafted RTF file that is used to attempt to exploit this vulnerability, Microsoft explained. “In addition, compromised websites and websites that accept or host user-provided content or advertisements could contain specially crafted content that could exploit this vulnerability. In all cases, however, an attacker would have no way to force users to visit these websites. Instead, an attacker would have to convince users to visit the website, typically by getting them to click a link in an email message or Instant Messenger message that takes users to the attacker’s website.”

The vulnerability could be exploited through Microsoft Outlook only when using Microsoft Word as the email viewer, Microsoft warned. By default, Word is the email reader in Microsoft Outlook 2007, Microsoft Outlook 2010, and Microsoft Outlook 2013.

Microsoft did not share any details on the attacks that leveraged the vulnerability, but did credit Drew Hintz, Shane Huntley, and Matty Pellegrino of the Google Security Team for reporting it to Microsoft.

Tweet

Managing Editor, SecurityWeek.Previous Columns by Mike Lennon:New Microsoft Word Zero-Day Used in Targeted AttacksCyber Security Research Alliance Announces First RD Projects with Academic PartnersPalo Alto Networks to Acquire Cyvera for $200 MillionContent Distribution Networks Fuel Rising Threat of Digitally Signed MalwareMass Compromise Attack Hits Web Sites Running on Old Linux Kernel

sponsored links

Tags: NEWS INDUSTRY

Vulnerabilities

Comments are closed.

Categories

THURSDAY, NOVEMBER 23, 2017

Featured

Archives

Latest Comments

Social Networks