Printed from http://www.electronista.com

PC and Mac versions of Office subject to RTF privilege boosting attack

updated 04:08 pm EDT, Mon March 24, 2014

No patch currently available, but mitigation of the problem possible

Microsoft has issued an advisory to users of its Microsoft Word application. In the note, the company says that remote code execution is possible if users open a maliciously crafted rich-text format (RTF) file, or open the same maliciously crafted file in Outlook while using Microsoft Word as the email viewer. Outlook 2010 through 2013 default to using Microsoft Word as the email viewer, making users more vulnerable to attack.

Security advisory 2953095 includes a one-click "fix-it" file to address the known vectors of attack. Alternatively, a restrictive firewall will block some aspects of the attack. Microsoft's Enhanced Mitigation Experience Toolkit (EMET) version 4.1 with the recommended settings also prevents the attack.

The flaw exists in nearly all versions of Microsoft Office from 2003 through 2013, including Microsoft Office for Mac 2011.



By Electronista Staff

Comments

  1. prl99

    Dedicated MacNNer

    Joined: 03-24-09

    And Microsoft thinks I would want Office on my iOS devices? Think again.

  1. The Vicar

    Junior Member

    Joined: 07-01-09

    Seriously? Microsoft can't make their code truly cross-platform, but they can make their BUGS cross-platform? They can't lose their grip on the market too fast for me.

  1. Mr. Strat

    Forum Regular

    Joined: 01-23-02

    Yawn...

  1. DrSkywalker

    Fresh-Faced Recruit

    Joined: 03-29-11

    RTF has been a piece of crap concept that MS continues to flaunt for no other reason than to make non-Outlook pissed off at getting these stupid winmail.dat files. As The Vicar states, they can't make cross-platform code, but they can create a cross-platform exploit? Gag.
