Slashdot Mirror

← Back to Stories (view on slashdot.org)

Microsoft Word Zero-Day Used In Targeted Attacks

Posted by Unknown on from the upgrade-your-word-processor dept.

wiredmikey (1824622) writes "Microsoft warned on Monday of a remote code execution vulnerability (CVE-2014-1761) in Microsoft Word 2010 that is being actively exploited in targeted attacks. If successfully exploited, an attacker could gain the same user rights as the current user, Microsoft said, noting that users whose accounts are configured to have fewer user rights on the system could be less impacted than accounts with administrative privileges. 'The vulnerability could allow remote code execution if a user opens a specially crafted RTF file using an affected version of Microsoft Word, or previews or opens a specially crafted RTF email message in Microsoft Outlook while using Microsoft Word as the email viewer,' Microsoft explained Microsoft did not share any details on the attacks that leveraged the vulnerability, but did credit Drew Hintz, Shane Huntley, and Matty Pellegrino of the Google Security Team for reporting it to Microsoft."

6 of 88 comments (clear)

  1. Wasn't RTF supposed to be minimalistic and simple? by skids · · Score: 4, Insightful

    Last time I looked RTF (decade or so ago) was a pretty bare-bones least-common-denominator document markup specification.

    --
    Someone had to do it.
  2. this should never have happened by chromaexcursion · · Score: 4, Informative

    A simple protocol, no need for system access.
    Oh well, MS seems to have found a way to screw that up.

    Maybe Bill should pay to fix it ...

    1. Re:this should never have happened by marsu_k · · Score: 4, Funny

      I managed to right a dissertation on MacWrite back in 93 without ever once thinking it needed more functionality.

      I'm guessing it didn't include a spell checker?

  3. Re: The question......... by Anonymous Coward · · Score: 5, Funny

    RTFA

  4. Is LibreOffice vulnerable to the same exploit? by mmell · · Score: 4, Insightful

    No? Okay, later.

    1. Re:Is LibreOffice vulnerable to the same exploit? by RoLi · · Score: 5, Informative

      Probably the MS-fans will think that's a problem, because LibreOffice is not "compatible".

      In fact the very fact that LibreOffice is an independent implementation of the file formats is a big advantage, because it is much more robust - When you reverse-engineer something you usually cover all possibilities (of a variable, etc.) - this is also the reason why you can often open corrupted .doc files with LibreOffice.