
RTF Vulnerability Exploited To Infect Microsoft Word

Hackers are using a recently patched flaw in Microsoft's Word software in order to infect systems with malware, the company has warned.

According to Microsoft, the vulnerability that is being exploited in the wild was discovered in Microsoft Word 2002, 2003, 2007 and 2010 and was promptly patched in a November 9 software update released by the company.

Microsoft had also released patches for Word 2008 and Word 2011 for Mac but had failed to do so for the Mac version of Office 2004. Microsoft said that the vulnerability is currently being exploited in the Windows version of Office.

In a blog post, the Microsoft Malware Protection Center team said that some of the first attacks involving the vulnerability surfaced last week.

“The vulnerability can be triggered by utilizing a specially crafted RTF file with a size parameter that is bigger than the expected one. The vulnerability is present in Microsoft Word. It attempts to copy RTF data to the stack memory without validating the size, which will lead to overwriting the stack,” the company explained.
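The class of bug described in that quote, shown as an added C example that is not Microsoft's code: a parser copies a file-declared number of bytes into a fixed stack buffer, first without and then with size validation. The record layout, function names and buffer size are hypothetical and constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define FIELD_MAX 16 /* capacity of the fixed stack buffer (constructed value) */

/* Hypothetical record, constructed for this example:
 * byte 0 = declared payload size, bytes 1.. = payload. */

/* Flawed pattern: the declared size from the file is trusted as-is. */
int parse_field_unchecked(const uint8_t *in, uint8_t *out) {
    uint8_t field[FIELD_MAX];
    size_t declared = in[0];
    memcpy(field, in + 1, declared); /* declared > FIELD_MAX writes past field[] */
    memcpy(out, field, declared);
    return (int)declared;
}

/* Hardened form: reject the record unless the declared size fits the stack
 * buffer, the bytes actually present in the input, and the caller's buffer. */
int parse_field_checked(const uint8_t *in, size_t in_len,
                        uint8_t *out, size_t out_cap) {
    uint8_t field[FIELD_MAX];
    if (in == NULL || out == NULL || in_len < 1) return -1;
    size_t declared = in[0];
    if (declared > sizeof field) return -1; /* bigger than expected */
    if (declared > in_len - 1) return -1;   /* claims more than was supplied */
    if (declared > out_cap) return -1;
    memcpy(field, in + 1, declared);
    memcpy(out, field, declared);
    return (int)declared;
}

int main(void) {
    uint8_t out[FIELD_MAX];
    const uint8_t ok[] = {3, 'a', 'b', 'c'}; /* constructed sample */
    uint8_t big[201];                         /* constructed oversized record */
    memset(big, 'A', sizeof big);
    big[0] = 200;
    printf("ok:  %d\n", parse_field_checked(ok, sizeof ok, out, sizeof out));
    printf("big: %d\n", parse_field_checked(big, sizeof big, out, sizeof out));
    return 0;
}
```

The checked version returns -1 for the oversized record instead of copying it, which is the validation the quoted description says was missing.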