A stack-based buffer overflow vulnerability in Microsoft Office was recently discovered to have been actively exploited in the wild. Trend Micro now detects the exploit .RTF files as TROJ_ARTIEF.SM.
The malicious .RTF files contain shellcode designed to overflow the stack and to cause Microsoft Word to crash. As a result, malicious users can execute arbitrary commands on an affected system.
From the screenshot above, we can see that the malware employed a NOP sled to overflow the buffer and to execute code in the context of Microsoft Word. The malware we encountered dropped another malicious file detected as TROJ_INJECT.ART.
One of the more serious concerns is that a malicious user could send an RTF email to targeted users. Since Microsoft Outlook uses Word to handle email messages, the mere act of opening or viewing specially crafted messages in the reading pane may cause the exploit code to execute.
Microsoft has already released an update to address this vulnerability. Users are strongly advised to download and install the patch, which can be found in the official bulletin MS10-087. This was issued as part of November’s Patch Tuesday.
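
For triage of suspect attachments, the NOP sled described above can be hunted with a simple heuristic. The following is an added example, not Trend Micro's detection logic or code from the original post: it decodes hex-encoded regions of an RTF file and flags long runs of the x86 NOP byte 0x90. The thresholds, function names and the sample document are assumptions constructed for illustration.

```python
import re

NOP = 0x90            # x86 single-byte NOP opcode
MIN_SLED = 16         # assumed threshold; tune against your own benign corpus
MIN_HEX_CHARS = 64    # ignore short hex runs (colour values, small fields)

# RTF carries binary data as ASCII hex, possibly split by whitespace.
# The lookbehind keeps a run from starting inside a control word such as
# \objdata, which would shift the nibble alignment and hide the sled.
HEX_RUN = re.compile(
    rb"(?<![0-9A-Za-z\\])(?:[0-9A-Fa-f]\s*){%d,}" % MIN_HEX_CHARS)

def longest_run(data: bytes, value: int = NOP) -> tuple[int, int]:
    """Return (offset, length) of the longest run of `value`, or (-1, 0)."""
    runs = re.finditer(re.escape(bytes([value])) + b"+", data)
    best = max(runs, key=lambda m: m.end() - m.start(), default=None)
    return (best.start(), best.end() - best.start()) if best else (-1, 0)

def scan_rtf(raw: bytes, min_sled: int = MIN_SLED) -> list[dict]:
    """Flag hex-encoded regions of an RTF file that contain a NOP-like sled."""
    if not raw.lstrip().startswith(b"{\\rtf"):
        return []                              # not RTF; out of scope here
    findings = []
    for m in HEX_RUN.finditer(raw):
        digits = re.sub(rb"\s+", b"", m.group(0))
        digits = digits[: len(digits) & ~1]    # drop an odd trailing nibble
        blob = bytes.fromhex(digits.decode("ascii"))
        off, length = longest_run(blob)
        if length >= min_sled:
            findings.append({"file_offset": m.start(),
                             "blob_offset": off, "sled_len": length})
    return findings

# Constructed sample: harmless filler bytes (0x90 run plus 0xCC padding)
# inside an object data field, with a line break in the middle of the hex.
_hex = (b"\x01\x05" + b"\x90" * 40 + b"\xcc" * 8).hex().encode()
SAMPLE = b"{\\rtf1{\\object\\objdata " + _hex[:33] + b"\r\n" + _hex[33:] + b"}}"

if __name__ == "__main__":
    for finding in scan_rtf(SAMPLE):
        print(finding)
```

A hit is a reason to look closer, not a verdict: legitimate embedded images can contain 0x90 runs, so pair this with patch status for MS10-087 and antivirus results.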
Post from: TrendLabs | Malware Blog – by Trend Micro
Malicious .RTF Files Exploit Microsoft Office Vulnerability
– Karl Dominguez (Threat Response Engineer) on TrendLabs | Malware Blog – by Trend Micro
Posted on 27 December 2010. Tags: .RTF, Exploit, Files, Malicious, Microsoft, Office, Vulnerability