Exploit code for critical MS Office flaw exploit found in the wild

A critical vulnerability in the way Microsoft Office handles RTF which can allow an attacker to remotely execute arbitrary code on the victim’s computer has been by Microsoft in November, but attacks exploiting it are still popping up in the wild, reports GCN.

Even though these attacks have not been extensive so far, the situation may change since Microsoft has reported that it has discovered a publicly available sample of a successful exploit for this flaw.

The vulnerability in question affects Office XP and Office 2003 SP 3, Office 2007 SP2, and Office 2010 (both the 32-bit and the 64-bit edition), and is exploited via a specially crafted RTF file that holds a size parameter that is bigger than expected.

Once inside, the attacker can execute malicious shellcode, which then downloads other malware.

What’s more, he or she can gain complete control over the affected system. “An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights,” says Microsoft, and urges all those who have still not downloaded and used the patch for this vulnerability to do so as soon as possible.

But even if they patch their systems, the users are not completely safe. In theory, since the flaw is present in Office software, Outlook could also be used to automatically load a similarly modified RTF e-mail message.

Microsoft suggests setting up Outlook to read e-mails in plain text formats and – just to be on the safe side – blocking the opening of RTF documents from unknown or untrusted sources by using Office File Block.

Don't miss