Microsoft Word RTF Object Confusion

2014-07-24T00:00:00
ID SAINT:4F660A635C8D52BFD2A293D913B460E3
Type saint
Reporter SAINT Corporation
Modified 2014-07-24T00:00:00

Description

Added: 07/24/2014
CVE: CVE-2014-1761
BID: 66385
OSVDB: 104895

Background

Microsoft Office Word is Microsoft's word processing software, released as a component of Microsoft Office suite.

Problem

A buffer overflow exists due to an error in processing RTF files. The flaw is triggered by supplying an incorrect listoverridecount field. Shellcode is loaded directly from the RTF file.

Limitations

This exploit has been tested against Microsoft Office 2010 SP2 English on Windows 7 SP1. The exploit does not work if the RTF file is loaded in Microsoft Word "Protected Mode". In addition Microsoft EMET sucessfully mitigates the exploit attempt.

Resolution

Install the patch referenced in Microsoft Security Bulletin 14-017.

Platforms

Windows