Microsoft Word and WordPad RTF HTA handler command execution

Added: 04/20/2017
CVE: CVE-2017-0199
BID: 97498

Background

Rich Text Format (RTF) is a text file format supported by various Microsoft products and word processors. RTF supports text styling, images, and embedded objects.

Problem

A vulnerability in Microsoft Word and WordPad could allow command execution when a user opens a specially crafted RTF file containing an embedded object which links to an HTA file on an attacker's web site.
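
Added example (not part of the original advisory, and not vendor code): a Python triage heuristic for the condition described above, an RTF object that is linked rather than embedded and whose object data carries a remote URL. The function names and the constructed sample are assumptions. The check ignores only whitespace inside the hex data, so heavily obfuscated RTF needs a full parser.

```python
import re

# Control words from the RTF specification. \objautlink and \objlink mark an
# object as linked rather than embedded; \objupdate forces a link update when
# the document is opened.
OBJECT = re.compile(rb"\\object(?![a-z])")
LINKED = re.compile(rb"\\obj(?:autlink|link)(?![a-z])")
OBJDATA = re.compile(rb"\\objdata([^{}\\]*)")      # hex text up to the group end
URL = re.compile(rb"https?://[\x21-\x7e]+", re.I)


def find_linked_objects(rtf: bytes) -> list:
    """Return one finding per linked \\object whose data contains a URL."""
    findings = []
    for chunk in OBJECT.split(rtf)[1:]:            # text following each \object
        if not LINKED.search(chunk):
            continue                               # embedded only, no link
        urls = []
        for match in OBJDATA.finditer(chunk):
            hexstr = re.sub(rb"[^0-9A-Fa-f]", b"", match.group(1))
            blob = bytes.fromhex(hexstr[: len(hexstr) // 2 * 2].decode())
            # Dropping NUL bytes lets one pattern match ASCII and UTF-16LE URLs.
            urls += [u.decode() for u in URL.findall(blob.replace(b"\x00", b""))]
        if urls:
            findings.append({"urls": urls, "auto_update": b"\\objupdate" in chunk})
    return findings


def build_sample() -> bytes:
    """Constructed, inert test input: the object data is only padding and a URL."""
    url = "http://example.invalid/doc.hta".encode("utf-16le")
    hexdata = (b"\x00" * 8 + url + b"\x00\x00").hex().encode()
    return (b"{\\rtf1{\\object\\objautlink\\objupdate{\\*\\objdata "
            + hexdata[:40] + b"\r\n" + hexdata[40:] + b"}}"
            b"{\\object\\objemb{\\*\\objdata 0102}}}")


if __name__ == "__main__":
    for finding in find_linked_objects(build_sample()):
        print(finding)
```

A finding with auto_update set deserves the closest look, since that link is refreshed when the file is opened.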

Resolution

Apply one of the updates referenced in Microsoft advisory CVE-2017-0199.

References

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0199
https://www.fireeye.com/blog/threat-research/2017/04/cve-2017-0199-hta-handler.html

Limitations

The exploit works on Windows 7 and requires a user to open the RTF file in Microsoft Word or WordPad.

Platforms

Windows
