Malicious .rtf file exploits MS Office flaw..!!

priyanshuit's picture


A stack-based buffer overflow vulnerability in Microsoft Office has recently been spotted being exploited in the wild by attackers aiming at getting control of targeted systems.

The flaw has been patched and the patch issued by Microsoft back in November, but the attackers clearly count on those users that don't keep their software up-to-date and don't have the habit of patching it regularly.

The attack is initiated by a specially crafted, malicious .rtf file that aim at crashing Microsoft Word in order to be able to inject a Trojan into the system. Trend Micro researcher Karl Dominguez is especially worried by the possibility of an attacker sending an RTF email to potential victims.

"Since Microsoft Outlook uses Word to handle email messages, the mere act of opening or viewing specially crafted messages in the reading pane may cause the exploit code to execute," he says.

Coincidentally, Microsoft has also recently announced that it will be incorporating the File Validation feature offered in Office 2010 into Office 2007 and 2003. "This feature verifies the contents of .doc, .xls, .ppt and .pub files as they are being read, and if it detects an issue, display a warning informing the user that there is a potential issue with the file," they say.

Source: www.net-security.org

Comments

Post new comment

The content of this field is kept private and will not be shown publicly.
1 + 7 =
Solve this simple math problem and enter the result. E.g. for 1+3, enter 4.

About the Author

priyanshuit's picture

Name
priyanshu

Last Name
sahay

Gender
Male

Website / Blog
http://www.hackersonlineclub.com

About me
Myself PRIYANSHU. >> Certified Cyber Law Expert >> Certified Cyber Security Expert >> Certified Ethical Hacker >> Working on Cyber Security, Ethical Hacking, Investigation, VAPT, Web Designing. Catch Me On >> Facebook: http://www.facebook.com/priyanshu.it Twitter: http://twitter.com/priyanshu_itech Email: priyanshu@cyber-india.in

Location
Delhi

Recent comments