Posted by: cgibney
by Ron Condon, UK Bureau Chief
If you haven’t yet applied last month’s patches to Microsoft Office, it might be worth making it a priority.
Researchers at Trend Micro Inc. have spotted a new exploit that sits inside an RTF file. When the file is opened, it triggers a buffer overflow, which, in turn, causes Microsoft Word to crash. The malware then plants a Trojan on the machine, thereby allowing the attacker to execute his or her own commands on the affected system.
Trend Micro threat response engineer Karl Dominguez flags this as a serious concern because, in addition to the risk of email attachments, anyone receiving an RTF email message could immediately become infected. Microsoft Outlook uses Word to handle email messages, so the mere act of opening or viewing specially crafted messages in the reading pane could cause the exploit code to execute.
Microsoft has fixed the stack-based buffer overflow vulnerability in Microsoft Office that causes the problem. A patch, which can be found in the official Microsoft MS10-087 bulletin, was issued as part of November’s Patch Tuesday.
Trend Micro said it has detected the exploit RTF files as TROJ_ARTIEF.SM, which then drops in another malicious file called TROJ_INJECT.ART. Both affect systems running Windows 2000, Windows XP or Windows Server 2003.