According to Microsoft, the vulnerability would give the hacker the same rights as the current user and allow remote code execution. The company warned that it had already seen Word 2010 targeted in the wild.Microsoft is aware of this vulnerability affecting supported versions of Microsoft Word. At this time, they are aware of limited, targeted attacks directed at Microsoft Word 2010.
The vulnerability could allow remote code execution if a user opens a specially crafted RTF file using an affected version of Microsoft Word, or previews or opens a specially crafted RTF email message in Microsoft Outlook while using Microsoft Word as the email viewer.
An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.
The issue is caused when Microsoft Word parses specially crafted RTF-formatted data causing system memory to become corrupted in such a way that an attacker could execute arbitrary code.
The vulnerability could be exploited through Microsoft Outlook only when using Microsoft Word as the email viewer. Microsoft Word is the email reader in Microsoft Outlook 2007, Microsoft Outlook 2010, and Microsoft Outlook 2013.
They are actively working with partners in our Microsoft Active Protections Program (MAPP) to offer information that they can use to provide additional protections to customers.
Mitigating Factors:
- An attacker who successfully exploited this vulnerability could gain the same user rights as the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.
- In a web-based attack scenario, an attacker could host a website that contains a webpage that contains a specially crafted RTF file that is used to attempt to exploit this vulnerability. In addition, compromised websites and websites that accept or host user-provided content or advertisements could contain specially crafted content that could exploit this vulnerability. In all cases, however, an attacker would have no way to force users to visit these websites. Instead, an attacker would have to convince users to visit the website, typically by getting them to click a link in an email message or Instant Messenger message that takes users to the attacker's website.
To improve security protections for customers, Microsoft provides vulnerability information to major security software providers in advance of each monthly security update release.
Security software providers can then use this vulnerability information to provide updated protections to customers via their security software or devices, such as antivirus, network-based intrusion detection systems, or host-based intrusion prevention systems.
No comments:
Post a Comment