Microsoft has revealed that hackers have attempted to exploit a bug in Microsoft Word. The bug was fixed in a security update last month, but the company is also concerned that some users may not have installed the update.
The bug involves the way MS Word handles rich text format (.RTF) files. This is a format used for text documents that have a very limited degree of formatting information compared to full-blown MS Word documents. The format is most commonly used as a way of moving documents from one word processor to another without altering the text's formatting.
RTF Flaw Causes Memory Stack Overflow
The bug means it's possible to create a disparity between the stated size of the file and its actual size. To exploit the flaw, a hacker would send an email message using the .RTF file format. When a user attempts to open the message, some of the data "spills over" from the assigned space in the computer's memory, a process known as a stack buffer overflow.
In theory, this could allow a malicious program to gain access to other parts of the computer and cause it to carry out malicious activity -- for example, to automatically install spyware on a computer. (Source: technet.com)
RTF Attacks Already Underway
Microsoft has now confirmed hackers are trying such a tactic. There is some potential for confusion over the bug, however. Although the vulnerability is in Word, it is triggered by using Microsoft Outlook to view emails. The Office software suite uses MS Word to produce a preview of RTF messages that appear in MS Outlook before the user opens an email.
That makes such attacks particularly serious, as they simply require the user to receive an infected message without even opening it. Most hacking attacks involve a user either opening an infected attachment or following a link to a bogus website.
Multiple Editions of MS Word Affected
The bug can affect 2002, 2003, 2007 and 2010 editions of Microsoft Word. Each was patched in last month's regular security update, so any users who don't have their copy of Windows set to download and install such updates automatically should visit the Windows Update website immediately and check that they have indeed applied the patch. (Source: computerworld.com)
The same bug is present in the Mac versions of Word, though the current attacks have solely been targeted at Windows computers.