Security Bytes

Dec 15 2010   4:24PM GMT

Risk of email attachments highlighted by new Word flaw



Posted by: cgibney
Tags:

by Ron Condon, UK Bureau Chief

If you haven’t yet applied last month’s patches to Microsoft Office, it might be worth making it a priority.

Researchers at Trend Micro Inc. have spotted a new exploit that sits inside an RTF file. When the file is opened, it triggers a buffer overflow, which, in turn, causes Microsoft Word to crash. The malware then plants a Trojan on the machine, thereby allowing the attacker to execute his or her own commands on the affected system.

Trend Micro threat response engineer Karl Dominguez flags this as a serious concern because, in addition to the risk of email attachments, anyone receiving an RTF email message could immediately become infected. Microsoft Outlook uses Word to handle email messages, so the mere act of opening or viewing specially crafted messages in the reading pane could cause the exploit code to execute.

Microsoft has fixed the stack-based buffer overflow vulnerability in Microsoft Office that causes the problem. A patch, which can be found in the official Microsoft MS10-087 bulletin, was issued as part of November’s Patch Tuesday.

Trend Micro said it has detected the exploit RTF files as TROJ_ARTIEF.SM, which then drops in another malicious file called TROJ_INJECT.ART. Both affect systems running Windows 2000, Windows XP or Windows Server 2003.

 Comment on this Post

 
There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when other members comment.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to: