Now it seems that even the RTF formatting is not safe. Back in November of 2010 a stack overflow flaw was found that could allow someone to use a corrupted .rtf document to gain control over a system and execute the code they wanted (most commonly to inject malware on the system). Now there is another one that has been leveraged against Microsoft Office (and Word in particular) that uses the .RTF format to achieve its goal. This time the flaw takes advantage of Word (and Outlook if you are using Word as your email editor) on both Windows and Apple PCs.
The flaw affected unpatched versions of Office 2010, as well as Office 2003 and 2007 with the compatibility packs. According to Microsoft Security Bulletin MS12-029 released on May 8th this is a critical issue:
“This security update resolves a privately reported vulnerability in Microsoft Office. The vulnerability could allow remote code execution if a user opens a specially crafted RTF file. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.”
Now we have told you that updates and patches are the bane of any organization and many users still do not like to update because of the time it take and the fear that one “fix” might break something else. On Windows it has become the default to force updates during shutdown, but that does not always cover all applications since you have to manually tell Windows you want to include them. OSX users are in an even worse boat as the updater in OSX cannot be configured to update Microsoft Products. To make sure you have the latest patches you have to use the Microsoft Office Updater utility or download them directly from Microsoft.
To see if you have already patched this (the patch should have come out on the 8th as well) you can look for patches shown in the screen shot below. This new vulnerability although through a Microsoft product still highlights the relatively unprotected world that Apple systems live in. In the Windows world there are still dozens or malware detection and prevention applications that can detect these files before they are opened. In Apple’s world the pickings are much smaller.
Discuss this in our Forum
Thursday, 10 May 2012 12:17
Rich Text Format Flaw Leaves OSX and Windows Vulnerable If Running MS Office
Written by Sean KalinichReading time is around minutes.
In the IT world there was a time when we all feared the Marco viruses that could be embedded into Word, Excel and other Microsoft Office Products. It was bad enough at one point that I found a single system with over 3,200 counts of an Excel Macro virus (it replicated itself quite nicely). Back then it was common for IT to recommend the use of RTF (Rich Text Format) instead of .DOC for documents and there was even an option inside exchange to force the use of this format even if the end user has Word as their email editor.
Published in
News
Tagged under
Latest from Sean Kalinich
- ConnectWise Slash and Grab Flaw Once Again Shows the Value of Input Validation We talk to Huntress About its Impact
- Social Manipulation as a Service – When the Bots on Twitter get their Check marks
- To Release or not to Release a PoC or OST That is the Question
- There was an Important Lesson Learned in the LockBit Takedown and it was Not About Threat Groups
- NetSPI’s Offensive Security Offering Leverages Subject Matter Experts to Enhance Pen Testing
Leave a comment
Make sure you enter all the required information, indicated by an asterisk (*). HTML code is not allowed.