Microsoft has issued an advisory to users of its Microsoft Word application. In the note, the company says that remote code execution is possible if users open a maliciously crafted rich-text format (RTF) file, or open the same maliciously-crafted file in Outlook while using Microsoft Word as the email viewer. Outlook 2010 through 2013 default to using Microsoft Word as the email viewer, making users more vulnerable to attack.
Security advisory 2953095
includes a one-click "fix-it" file to address the known vectors of attack. Alternatively, a restrictive firewall will block some aspects of the attack. Microsoft's Enhanced Mitigation Experience Toolkit (EMET) version 4.1 with the recommended settings also prevents the attack.
The flaw exists in nearly all versions of Microsoft Office from 2003 through 2013, including Microsoft Office for Mac 2011.