Microsoft Office 2007 RTF Mismatch Remote Code Execution Vulnerability
ZDI-12-186: November 15th, 2012CVE ID
CVSS Score
Affected Vendors
Affected Products
-
Office
TippingPoint™ IPS Customer Protection
TippingPoint IPS customers are protected against this vulnerability by Digital Vaccine protection filter ID 12309 . For further product information on the TippingPoint IPS:Vulnerability Details
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Office. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the handling of RTF files. The code responsible for lexing control words from the input file does not properly validate that all objects are properly defined. By removing terminating values within an RTF file an attacker can cause the program to re-use a freed object. Combined with basic memory layout control an attacker can abuse this situation to achieve code execution under the context of the user running the application.
Vendor Response
Microsoft has issued an update to correct this vulnerability. More details can be found at:Disclosure Timeline
-
2011-11-29 - Vulnerability reported to vendor
2012-11-15 - Coordinated public release of advisory
Credit
This vulnerability was discovered by:-
Anonymous
