Microsoft has warned of a vulnerability that exists in its Word 2010 software that is being exploited in targeted attacks by cybercriminals and affects the popular Rich Text Format filetype.
The vulnerability, listed in an advisory, is caused when Microsoft Word parses RTF-formatted data. This can cause system memory to become corrupted, making it easier for an attacker to execute arbitrary code.
An attacker could host a website with specially crafted RTF file types to create this vulnerability, or create and host content designed to exploit any system that may have been already affected. Infection is usually achieved through malicious links in emails to the host's computer.
Worries on Word
Once inside a system, the criminal will be able to infect other users with the same rights. If an administrative account is compromised, every other user on that machine may be at risk.
Microsoft has said that it is working with partners to increase the information on offer and to give their customers, the necessary tools to shield themselves from the exploit.
As a possible temporary fix, the company is asking users to disable RTF content in Microsoft Word, read their emails in plain text and use file blocking policies to prevent malicious content from appearing in emails and messages.
