Microsoft Office Word is Microsoft's word processing software, released as a component of Microsoft Office suite.
A buffer overflow exists due to an error in processing RTF files. The flaw is triggered by supplying an incorrect listoverridecount field. Shellcode is loaded directly from the RTF file.
This exploit has been tested against Microsoft Office 2010 SP2 English on Windows 7 SP1. The exploit does not work if the RTF file is loaded in Microsoft Word "Protected Mode". In addition Microsoft EMET sucessfully mitigates the exploit attempt.
Install the patch referenced in Microsoft Security Bulletin 14-017.