Security researcher Joshua Drake released a proof-of-concept for a critical vulnerability, tracked as CVE-2023-21716 (CVSS score 9.8 out of 10), in Microsoft Word.
The vulnerability can be exploited by a remote attacker to execute arbitrary code on a system running the vulnerable software. The issue can be easily exploited, anyway, it can be exploited only with user interaction.
Microsoft addressed the vulnerability with the release of the February Patch Tuesday security updates.
The vulnerability was discovered by Drake in November, it resides in the in Microsoft Office’s “wwlib.dll” library.
“An unauthenticated attacker could send a malicious e-mail containing an RTF payload that would allow them to gain access to execute commands within the application used to open the malicious file.” reads the advisory published by Microsoft.
The vulnerability can be also be exploited by simply loading a specially crafted RTF document in the Preview Pane.
Drake discovered a heap corruption vulnerability in the RTF parser in Microsoft Word that can be triggered dealing with a font table (*\fonttbl*) containing a large number of fonts (*\f###*).
“Following this memory corruption, additional processing takes place. With a properly crafted heap layout, an attacker cause the heap corruption to yield arbitrary code execution. Using the proof-of-concept code supplied below, processing eventually reaches the post-processing clean up code.” reads the technical post published by the researchers.
The researchers shared a proof-of-concept code that trigger the bug to launch the Calculator app in Windows.
The good news is that at this time Microsoft is not aware of attacks in the wild exploiting this vulnerability.
Microsoft also provided workarounds to protect against this vulnerability, the IT giant recommends users to read email messages in plain text format.
Microsoft also recommends to use Microsoft Office File Block policy to prevent Office from opening RTF documents from unknown or untrusted sources.
Follow me on Twitter: @securityaffairs and Facebook and Mastodon
(SecurityAffairs – hacking, Microsoft Word)
The MITRE Corporation revealed that a nation-state actor compromised its systems in January 2024 by…
China-linked threat actors are preparing cyber attacks against U.S. critical infrastructure warned FBI Director Christopher…
The United Nations Development Programme (UNDP) has initiated an investigation into an alleged ransomware attack…
BlackBerry reported that the financially motivated group FIN7 targeted the IT department of a large…
An international law enforcement operation led to the disruption of the prominent phishing-as-a-service platform LabHost.…
Russia-linked APT Sandworm employed a previously undocumented backdoor called Kapeka in attacks against Eastern Europe since…
This website uses cookies.