Microsoft Office vulnerable to hackers

Could allow remote execution of code via RTF Word files

An exploit has been discovered in the wild that can successfully attack a critical vulnerability in the way Microsoft Office handles Rich Text Format data, allowing remote execution of code on a victim computer.

Microsoft released a patch for the vulnerability, known as CVE-2010-3333, in November, and no widespread outbreaks of exploits have yet been reported. The public availability of an exploit lowers the bar for attackers, however, and increases the urgency for seeing that affected software is patched.

“Hopefully, everybody is adhering to best practices and patching as soon as possible,” said Joshua Talbot, security intelligence manager for Symantec Security Response. “If people haven’t made this a priority, now would be a good time.”

Related stories:

Patch management: It's not sexy, but it can keep you secure

Microsoft wants more control over vulnerability information

The RTF Stack Buffer Overflow Vulnerability affects Microsoft Office XP and Office 2003 Service Pack 3, Office 2007 SP2, as well as Office 2010 32-bit and 64-bit editions. Microsoft described the vulnerability and released a patch for it in its November security bulletin. A flaw in the way Office software processes RTF data can allow an attacker to take control of the victim's computer to install programs; view, change, or delete data; or create new accounts with full user rights.

The vulnerability was rated important or critical, depending on the platform.

“We predicted at the time that it would become a target of attackers,” Talbot said. “Since then we’ve seen a number of attacks in the wild, but no widespread exploitation.”

But with the public availability of attack code, that could change. “The main concern is that the exploit is available so that less-skilled attackers can use it,” Talbot said.

Microsoft’s Malware Protection Center Blog reported on Dec. 29 that a sample of a successful exploit for this vulnerability able to execute malicious shellcode that downloads other malware had been found a few days before Christmas.

“The vulnerability can be triggered by utilizing a specially crafted RTF file with a size parameter that is bigger than the expected one,” Microsoft reported in its MMPC blog. “The vulnerability is present in Microsoft Word. It attempts to copy RTF data to the stack memory without validating the size, which will lead to overwriting the stack.”

In addition to patching affected software, Microsoft recommended using Office File Block to block opening RTF documents from unknown or untrusted sources.

Because the vulnerability exists in Office software, Microsoft Outlook also could be used as a vector for delivering attacks by sending an RTF message by e-mail and having it open automatically in the Outlook preview pane. The current exploit uses only RTF Word documents, however, which could reduce the danger because it would require the recipient to open the document rather than having this happen automatically.

Microsoft advises reading e-mails only in plain text formats as a workaround. Users of Outlook 2002 who have applied Office XP Service Pack 1 or a later version can require that messages that are not digitally signed or encrypted be read only as plain text.


About the Author

William Jackson is a Maryland-based freelance writer.


  • Defense
    Ryan D. McCarthy being sworn in as Army Secretary Oct. 10, 2019. (Photo credit: Sgt. Dana Clarke/U.S. Army)

    Army wants to spend nearly $1B on cloud, data by 2025

    Army Secretary Ryan McCarthy said lack of funding or a potential delay in the JEDI cloud bid "strikes to the heart of our concern."

  • Congress
    Rep. Jim Langevin (D-R.I.) at the Hack the Capitol conference Sept. 20, 2018

    Jim Langevin's view from the Hill

    As chairman of of the Intelligence and Emerging Threats and Capabilities subcommittee of the House Armed Services Committe and a member of the House Homeland Security Committee, Rhode Island Democrat Jim Langevin is one of the most influential voices on cybersecurity in Congress.

Stay Connected


Sign up for our newsletter.

I agree to this site's Privacy Policy.