EPSS: 0.975 (High)
EPSS Percentile: 100.0%
Added: 04/20/2017
CVE: CVE-2017-0199
BID: 97498
Rich Text Format (RTF) is a text file format supported by various Microsoft products and word processors. RTF supports text styling, images, and embedded objects.
A vulnerability in Microsoft Word and WordPad could allow command execution when a user opens a specially crafted RTF file containing an embedded object which links to an HTA file on an attacker’s web site.
Apply one of the updates referenced in Microsoft advisory CVE-2017-0199.
<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0199>
<https://www.fireeye.com/blog/threat-research/2017/04/cve-2017-0199-hta-handler.html>
The exploit works on Windows 7 and requires a user to open the RTF file in Microsoft Word or WordPad.
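For triaging RTF attachments against the linked embedded object described above, the following added example (not code from this entry or from Microsoft) flags RTF files whose OLE link object carries a remote URL. The function names, the inert sample inputs and the placeholder URL `example.invalid` are constructed for illustration.

```python
import re

# RTF control words: \objautlink marks a linked OLE object, \objupdate makes
# the reader refresh the link when the document is opened.
LINK_WORDS = (b"\\objautlink", b"\\objupdate")
OBJDATA = re.compile(rb"\\objdata\s*([0-9A-Fa-f\s]+)")
URL = re.compile(rb"https?://[\x21-\x7e]+", re.I)


def objdata_urls(rtf: bytes) -> list:
    """Decode each hex \\objdata blob and return the http(s) URLs inside it."""
    urls = []
    for match in OBJDATA.finditer(rtf):
        hexdigits = re.sub(rb"\s+", b"", match.group(1))
        blob = bytes.fromhex(hexdigits[: len(hexdigits) & ~1].decode("ascii"))
        # Link targets are stored as UTF-16LE; dropping NUL bytes lets one
        # ASCII regex match both UTF-16LE and single-byte strings.
        flat = blob.replace(b"\x00", b"")
        urls += [u.decode("ascii") for u in URL.findall(flat)]
    return urls


def triage(rtf: bytes) -> dict:
    """Flag RTF whose auto-linked OLE object points at a remote URL."""
    if not rtf.lstrip().startswith(b"{\\rtf"):
        return {"rtf": False, "link_words": [], "urls": [], "suspicious": False}
    words = [w.decode("ascii") for w in LINK_WORDS if w in rtf]
    urls = objdata_urls(rtf)
    return {"rtf": True, "link_words": words, "urls": urls,
            "suspicious": bool(urls) and "\\objautlink" in words}


def constructed_samples() -> dict:
    """Inert, constructed inputs: no valid OLE structure, placeholder URL."""
    target = "http://example.invalid/doc.hta".encode("utf-16-le")
    linked = (b"{\\rtf1{\\object\\objautlink\\objupdate{\\*\\objdata "
              + (b"OLE2Link\x00" + target).hex().encode("ascii") + b"}}}")
    embedded = b"{\\rtf1{\\object\\objemb{\\*\\objdata 0105000002000000}}}"
    return {"linked": linked, "embedded": embedded, "plain": b"{\\rtf1 hello}"}


if __name__ == "__main__":
    for name, data in constructed_samples().items():
        print(name, triage(data))
```

This is a first-pass heuristic: a hit warrants analysis with a full RTF/OLE parser, and a miss does not clear a file.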
Windows