Microsoft Word RTF Stylesheet Control Word Memory Corruption - Ver2 (CVE-2008-4031)

A memory corruption vulnerability has been reported in Microsoft Office Word. The vulnerability is due to an error in Microsoft Word that fails to properly handle malformed Rich Text Format. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on t...

Microsoft Word RTF Drawing Primitives Remote Code Execution (MS08-072) - Ver2 (CVE-2008-4028)

Rich Text Format RTF provides a format for text and graphics interchange that can be used with different operating systems. OLE is the technology that applications use to create and edit compound documents. By using OLE technology, an application can provide embedding and linking support. A remot...

Microsoft Office RTF File listid Use-After-Free - Ver2 (CVE-2012-2528)

A use-after-free vulnerability has been reported in Microsoft Office Word. The vulnerability is due to a memory handling error while parsing specially crafted RTF Rich Text Format files. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the...

Microsoft Word RTF Control Word Handling Integer Overflow (MS08-072) - Ver2 (CVE-2008-4025)

Rich Text Format RTF provides a format for text and graphics interchange that can be used with different operating systems. OLE is the technology that applications use to create and edit compound documents. By using OLE technology, an application can provide embedding and linking support. A remot...

CVE-2014-1761

Microsoft Word 2003 SP3, 2007 SP3, 2010 SP1 and SP2, 2013, and 2013 RT; Word Viewer; Office Compatibility Pack SP3; Office for Mac 2011; Word Automation Services on SharePoint Server 2010 SP1 and SP2 and 2013; Office Web Apps 2010 SP1 and SP2; and Office Web Apps Server 2013 allow remote attacker...

Memory corruption

Microsoft Word 2003 SP3, 2007 SP3, 2010 SP1 and SP2, 2013, and 2013 RT; Word Viewer; Office Compatibility Pack SP3; Office for Mac 2011; Word Automation Services on SharePoint Server 2010 SP1 and SP2 and 2013; Office Web Apps 2010 SP1 and SP2; and Office Web Apps Server 2013 allow remote attacker...

Word Zero Day Attacks Use Complex Chain of Exploits

The exploit that attackers are using to target a zero day vulnerability in Microsoft Word relies on a complex series of pieces, including an ASLR bypass, ROP techniques and shellcode with several layers of tools designed to detect and defeat analysis. Microsoft officials said the exploit is being...

Microsoft Word RTF文件解析错误代码执行漏洞

CVE ID:CVE-2014-1761 Microsoft Word 是微软公司的一个文字处理软件。 因Microsoft Word在解析畸形的RTF格式数据时存在错误导致内存破坏，使得攻击者能够执行任意代码。当用户使用Microsoft Word受影响的版本打开恶意RTF文件，或者Microsoft Word是Microsoft Outlook的Email Viewer时，用户预览或打开恶意的RTF邮件信息，攻击者都可能成功利用此漏洞，从而获得当前用户的权限。值得注意的是，Microsoft Outlook 2007/2010/2013默认的Email Viewer都是Microso...

Microsoft Releases Security Advisory

Microsoft has released a security advisory for Microsoft Word. A vulnerability exists for remote code execution which could allow an attacker to gain user rights by opening a specifically crafted Rich Text Format file. Applying the Microsoft Fix it solution will disable the opening of RTF content...

Microsoft Office memory corruption

Microsoft Word RTF parsing 0-day vulnerability is exploited in-the-wild...

Microsoft Word Zero-Day Vulnerability is being exploited in the Wild

Microsoft warned about a zero-day vulnerability in Microsoft Word that is being actively exploited in targeted attacks and discovered by the Google security team. “At this time, we are aware of limited, targeted attacks directed at Microsoft Word 2010…” company said. According to Microsoft's...

CVE-2014-1761

CVE-2014-1761 is a memory-corruption vulnerability in Microsoft Word triggered by crafted RTF data, allowing remote code execution or memory-corruption denial of service. Affected products include Word 2003 SP3, 2007 SP3, 2010 SP1/SP2, 2013 and 2013 RT, Word Viewer, Office Compatibility Pack SP3,...

CVE-2014-1761

Microsoft Word 2003 SP3, 2007 SP3, 2010 SP1 and SP2, 2013, and 2013 RT; Word Viewer; Office Compatibility Pack SP3; Office for Mac 2011; Word Automation Services on SharePoint Server 2010 SP1 and SP2 and 2013; Office Web Apps 2010 SP1 and SP2; and Office Web Apps Server 2013 allow remote attacker...

Microsoft Advisory Warns of Word Zero-Day Attacks

Targeted attacks have been spotted against a zero-day vulnerability in Microsoft Word 2010, leading Microsoft to issue a special security advisory and produce a Fix-it solution for users until a patch is ready. Microsoft also said that its Enhanced Mitigation Experience Toolkit EMET is a temporar...

Microsoft Office RTF Mismatch Memory Corruption (MS12-029) - Ver2 (CVE-2012-0183)

A remote code execution vulnerability has been reported in Microsoft Office. The vulnerability is due to a memory corruption while parsing specially crafted RTF-formatted data. A remote attacker can exploit this issue by enticing a target user to open a specially crafted RTF file. Successful...

Microsoft Word RTF Object Parsing Remote Code Execution (MS08-072) - Ver2 (CVE-2008-4027)

Microsoft Word is a popular word processing software. A remote code execution vulnerability has been identified in Microsoft Word. The vulnerability is due to a memory calculation error in Microsoft Word that fails to properly handle specially crafted control words in Rich Text Format .rtf files....

Office 2003 SP3, Office 2007 SP2, Office 2011 Stack-based buffer overflow

Stack-based buffer overflow in Microsoft Office XP SP3, Office 2003 SP3, Office 2007 SP2, Office 2010, Office 2004 and 2008 for Mac, Office for Mac 2011, and Open XML File Format Converter for Mac allows remote attackers to execute arbitrary code via crafted RTF data, aka "RTF Stack Buffer Overfl...

Oracle Linux 3 / 4 : openoffice.org (ELSA-2007-0406)

From Red Hat Security Advisory 2007:0406 : Updated openoffice.org packages to correct a security issue are now available for Red Hat Enterprise Linux 3, 4, and 5. This update has been rated as having important security impact by the Red Hat Security Response Team. OpenOffice.org is an office...

CVE-2013-0710

Buffer overflow in Kingsoft Writer 2007 and 2010 before 2724 allows remote attackers to execute arbitrary code via a crafted RTF document...

Buffer overflow

Buffer overflow in Kingsoft Writer 2007 and 2010 before 2724 allows remote attackers to execute arbitrary code via a crafted RTF document...