0-Day Fixes

MICROSOFT WORD RTF VULNERABILITY COULD ALLOW REMOTE CODE EXECUTION

Summary

A vulnerability in Microsoft Word could, if successfully exploited, lead to remote code execution.

Detailed Description


A vulnerability in the way Microsoft Word parses Rich Text Format (RTF) files could lead to system memory corruption that could allow an attacker to gain the same user rights as the current user. If the user has full administrative rights on the system, the attacker could gain complete control of the compromised system. A user with fewer user rights may be less impacted.

To exploit this vulnerability, an attacker must lure the targeted user into opening specially crafted RTF content using the affected Word software. The content may be delivered via e-mail or hosted on a malicious webpage.

F-Secure Internet Security 2014 (with DeepGuard version 5) is able to detect and block this threat. For more information, please see:

In addition, F-Secure detects the files taking advantage of this vulnerability with these generic detections:

  1. Exploit.CVE-2014-1761.A - starting in Aquarius database version 2014-04-03_03, which was released on 4 April 2014
  2. Exploit:W32/CVE-2014-1761.A - starting in Hydra database 2014-04-04_02, which was released on 4 April 2014

Please allow F-Secure products to block installation of files that take advantage of this vulnerability.

CVE Reference


  • CVE-2014-1761

Detected Exploit


Detections

  • Exploit.CVE-2014-1761.A
  • Exploit:W32/CVE-2014-1761.A

Databases

  • Aquarius database version 2014-04-03_03 at 15:25:48 UTC
  • Hydra database version 2014-04-04_02 at 18:43:49 UTC

Release Dates

  • 7 April 2014
  • 7 April 2014

Solution


Microsoft recommends disable RTF viewing and/or enforce Word to open RTF files always in Protected View in Trust Center settings. In addition, a Fix it automated tool has been provided to facilitate implementing these workarounds. Complete instruction is available from Microsoft Security Advisory (2953095).

Removal/Disinfection

Allow F-Secure Internet Security or F-Secure Anti-Virus to block installation of malicious files, and to remove or disinfect malicious files if found on the system.

Original Source


Microsoft Security Advisory (2953095)

SCAN & CLEAN?: YES FREE?: ABSOLUTELY

Scan and clean your PC with F-Secure's Online Scanner. The best thing is, its free!

Learn More Try Out Now!