HTTP: Microsoft Word RTF File Handling Memory Corruption
This signature detects attempts to exploit a known heap overflow vulnerability in the way Microsoft Word and Microsoft Outlook process Rich Text Format (RTF) files. It is due to an integer overflow while parsing Control Words inside a malicious RTF file. A remote attacker can exploit this by enticing the target user to open a crafted RTF file or an RTF formatted e-mail using the affected applications, potentially causing arbitrary code to be injected and executed in the security context of the current user. In a successful attack, the behavior of the target depends on the intention of the attacker. In an unsuccessful code execution attack, the affected product terminates resulting in the loss of any unsaved data from the current session.
Extended Description
Microsoft Word is prone to a remote code-execution vulnerability. An attacker could exploit this issue by enticing a victim to open a malicious RTF file. Successfully exploiting this issue would allow the attacker to execute arbitrary code in the context of the currently logged-in user.
Affected Products
Microsoft office_xp
Short Name
HTTP:STC:DL:WORD-RTF-MEM
Severity
Major
Recommended
False
Recommended Action
Drop
Category
HTTP
Keywords
CVE-2008-1091 Corruption File Handling Memory Microsoft RTF Word bid:29104
Release Date
10/25/2010
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3375
False Positive
Unknown
Vendors
Microsoft
CVSS Score
9.3