Posted on Tuesday, March 25 2014 @ 11:07 CET by Thomas De Maesschalck
Microsoft warns a dangerous Word exploit is making the rounds. By crafting code into .RTF documents to cause memory corruption, attackers are able to gain the same user rights as the current user and can execute arbitrary code.
Fortunately, according to the Microsoft engineers, tests showed that EMET default configuration can block the exploits seen in the wild.
The vulnerability could be exploited through Microsoft Outlook only when using Microsoft Word as the email viewer, Microsoft warned. By default, Word is the email reader in Microsoft Outlook 2007, Microsoft Outlook 2010, and Microsoft Outlook 2013.
While the reported attacks are targeting Microsoft Word 2010, other software products affected by the vulnerability include: Microsoft Word 2003, Microsoft Word 2007, Microsoft Word 2013, Microsoft Word Viewer and Microsoft Office for Mac 2011.
Source: Security week
