Welcome to the MacNN Forums.

If this is your first visit, be sure to check out the FAQ by clicking the link above. You may have to register before you can post: click the register link above to proceed. To start viewing messages, select the forum that you want to visit from the selection below.

You are here: MacNN Forums > News > Tech News > PC and Mac versions of Office subject to RTF privilege boosting attack

PC and Mac versions of Office subject to RTF privilege boosting attack
Thread Tools
MacNN Staff
Join Date: Jul 2012
Status: Offline
Reply With Quote
Mar 24, 2014, 05:08 PM
 
Microsoft has issued an advisory to users of its Microsoft Word application. In the note, the company says that remote code execution is possible if users open a maliciously crafted rich-text format (RTF) file, or open the same maliciously-crafted file in Outlook while using Microsoft Word as the email viewer. Outlook 2010 through 2013 default to using Microsoft Word as the email viewer, making users more vulnerable to attack.

Security advisory 2953095 includes a one-click "fix-it" file to address the known vectors of attack. Alternatively, a restrictive firewall will block some aspects of the attack. Microsoft's Enhanced Mitigation Experience Toolkit (EMET) version 4.1 with the recommended settings also prevents the attack.

The flaw exists in nearly all versions of Microsoft Office from 2003 through 2013, including Microsoft Office for Mac 2011.
( Last edited by NewsPoster; Mar 25, 2014 at 04:13 AM. )
     
Senior User
Join Date: Mar 2009
Location: pacific northwest
Status: Offline
Reply With Quote
Mar 24, 2014, 05:53 PM
 
And Microsoft thinks I would want Office on my iOS devices? Think again.
     
Dedicated MacNNer
Join Date: Jul 2009
Status: Offline
Reply With Quote
Mar 24, 2014, 06:01 PM
 
Seriously? Microsoft can't make their code truly cross-platform, but they can make their BUGS cross-platform? They can't lose their grip on the market too fast for me.
     
Dedicated MacNNer
Join Date: Jan 2002
Location: State of WA
Status: Offline
Reply With Quote
Mar 24, 2014, 06:41 PM
 
Yawn...
     
Fresh-Faced Recruit
Join Date: Mar 2011
Status: Offline
Reply With Quote
Mar 24, 2014, 07:17 PM
 
RTF has been a piece of crap concept that MS continues to flaunt for no other reason to make non-Outlook pissed off at getting these stupid winmail.dat files. As The Vicar states, they can't make cross-platform code, but they can create a cross-platform exploit? Gag.
     
   
Thread Tools
Forum Links
Forum Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are On
Top
Privacy Policy
All times are GMT -4. The time now is 07:45 PM.
All contents of these forums © 1995-2015 MacNN. All rights reserved.
Branding + Design: www.gesamtbild.com
vBulletin v.3.8.8 © 2000-2015, Jelsoft Enterprises Ltd., Content Relevant URLs by vBSEO 3.3.2