Microsoft Word RTF Object Confusion

Added: 07/24/2014
CVE: CVE-2014-1761
BID: 66385
OSVDB: 104895

Background

Microsoft Office Word is Microsoft's word processing software, released as a component of Microsoft Office suite.

Problem

A buffer overflow exists due to an error in processing RTF files. The flaw is triggered by supplying an incorrect listoverridecount field. Shellcode is loaded directly from the RTF file.

Limitations

This exploit has been tested against Microsoft Office 2010 SP2 English on Windows 7 SP1. The exploit does not work if the RTF file is loaded in Microsoft Word "Protected Mode". In addition Microsoft EMET sucessfully mitigates the exploit attempt.

Resolution

Install the patch referenced in Microsoft Security Bulletin 14-017.

Platforms

Windows

Back to exploit index