Targeted Attacks on MS Word Utilize Recently Fixed Vulnerabilities

Recently, Microsoft malware Protection Center has cautioned netizens that cybercriminals can illegally gain access over office by means of a specially designed Rich Text Format (RTF) file.

The attackers or cybercriminals can access the compromised system and upload malicious programs, view and even delete the data. This flaw, in particular, is dangerous as it can be subjugated, in few configurations, by simply reading an e-mail.

The malicious software attacks in the form of a specially designed RTF file that exploits CVE-2010-3333, one of the flaws in Microsoft Word 2002, 2003, 2007, and 2010 was fixed on November 9, 2010 as an action of Microsoft's monthly security update.

CVE-2010-3333 can be defined as an RTF Stack Buffer Overflow flaw. RTF information is administered by Microsoft Word and users of MS Outlook can set Word as their e-mail reader in Outlook. Hence, in this type of a configuration, if a malware ridden e-mail encompasses RTF data, which exploits the flaw, it can activate simply by just reading the e-mail.

Besides, the flaw can be activated by enclosing a malware ridden RTF file to an e-mail and persuading the user to install and open the RTF file. As per the description of this attack, provided by Microsoft, they designated it as Exploit:Win32/CVE-2010-3333, indicating that it utilizes a different file, but is not absolutely clear on the topic.

As per the Microsoft malware Protection Center (MMPC), the group that scrutinizes attack code and issues signature updates for the firm's antivirus software, the first exploits were identified lately in December 2010, as reported by Computer World on December 30, 2010.

At the time, some other researchers had placed their bets on the bug as a hacker preference as users running Office 2007 or 2010 on their systems could be targeted if all they did was preview a specially designed RTF file in the Outlook e-mail client.

The best suggestion for netizens to evade these kinds of attacks is to ensure that they have installed MS10-087 on their systems. It's sensible to expect that anti-malware products, like Microsoft's, include or will soon include definitions for particular examples of this attack. Until then, netizens have been suggested to keep their anti-malware software updated and renew the patches immediately.

Related article: TRUSTe Certified Websites May Still Contain Malware

» SPAMfighter News - 1/11/2011