Softpedia
 


December 30th, 2010, 09:36 GMT

Microsoft Warns of Attacks against Office RTF Vulnerability Patched in November

Microsoft is warning customers running supported versions of Office that it has detected attacks in the wild designed to exploit a vulnerability in the Word component of the productivity suite, which was patched in November 2010.

According to the Redmond company, the targeted attacks aim to leverage Microsoft Office vulnerability CVE-2010-3333, which was patched with the release of security bulletin MS10-087 last month.

Given the new attacks, customers who have yet to deploy MS10-087 should do so as soon as possible in order to render any exploit attempts useless.

“Last November, Microsoft released security bulletin MS10-087, which addresses a number of critical vulnerabilities in how Microsoft Office parses various office file formats.

“One of them is CVE-2010-3333, "RTF Stack Buffer Overflow Vulnerability," which could lead to remote code execution via specially crafted RTF data.

“A few days before Christmas, we received a new sample that reliably exploits this vulnerability and is able to execute malicious shellcode which downloads other malware,” said Microsoft’s Rodel Finones.

MS10-087 is designed to patch no fewer than six vulnerabilities in various versions of Office.

According to information provided by the Redmond company, Office 2010 as well as Office 2007, Office 2003, Office XP, Office 2004 for Mac, Office 2008 for Mac, and Office for Mac 2011 are all affected by the security flaw.

One of the six security holes plugged with MS10-087, namely the RTF vulnerability, which carries a rating of Critical, was disclosed in the wild before the patch was made available.

Security vendor Trend Micro had already warned of the existence of attacks targeting the RTF vulnerability as of mid-December 2010.

The flaw “could allow remote code execution if a user opens or previews a specially crafted RTF e-mail message,” Microsoft explained.

“An attacker who successfully exploited any of these vulnerabilities could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.”
