26 Mar 2014

Microsoft Warns of Word 2010 Vulnerability

Microsoft is warning users of an unpatched remote code execution vulnerability that leaves Microsoft Word 2010 open to cyber-attacks.

According to a Microsoft security bulletin, the bug lies in Word's handling of Rich Text Format (RTF) files, a format used for exchanging documents between users with different software programs.

The RTF files can be sent as email attachments or used in drive-by attacks, in which an attacker compromises a website to install malicious code on the visitor’s computer.

“An attacker could cause remote code execution if someone was convinced to open a specially crafted Rich Text Format (RTF) file or a specially crafted mail in Microsoft Outlook while using Microsoft Word as the email viewer,” Microsoft says.

Microsoft Word is the default email reader in Microsoft Outlook 2007, Microsoft Outlook 2010 and Microsoft Outlook 2013.

So far, the attacks have been aimed at Word 2010; however, affected software also includes Word 2003, Word 2007, Word 2013 and Word 2013 RT, designed for Microsoft's Windows RT tablet operating system.

As a temporary solution, Microsoft has issued a fix that prevents Word from opening RTF files. Bitdefender protects Microsoft users, detecting this exploit as Exploit.CVE-2010-3333.N.