This format is also supported natively by the Microsoft Windows® clipboard, so client applications are able to access RTF content from other applications. It is able to store all core text properties (size, font, color, style, justification, paragraph and so on). For more information on how to do that with Microsoft Outlook 2003, 2007, 20, see these two articles.RTF (Rich Text Format) is a document file format widely supported by most text processing software (Microsoft® Word®, Apache OpenOffice™ and so on). One way to harden your email client is to render emails in plain text. Microsoft notes that the vulnerability could be exploited via Outlook only when using Microsoft Word as the email viewer, but by default Word is the email reader in Microsoft Outlook 2007, Outlook 2010 and Outlook 2013. Microsoft says it’s working on an official fix for the flaw, but that in the meantime affected users can apply a special Fix-It solution that disables the opening of RTF content in Microsoft Word. To be clear, Microsoft said the exploits it has seen so far attacking this vulnerability have targeted Word 2010 users, but according to Microsoft’s advisory the flaw is also present in Word 2003, 2007, 2013, Word Viewer and Office for Mac 2011. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user.” The vulnerability could allow remote code execution if a user opens a specially crafted RTF file using an affected version of Microsoft Word, or previews or opens a specially crafted RTF email message in Microsoft Outlook while using Microsoft Word as the email viewer.
At this time, we are aware of limited, targeted attacks directed at Microsoft Word 2010.
“Microsoft is aware of a vulnerability affecting supported versions of Microsoft Word. In a notice published today, Microsoft advised: Microsoft warned today that attackers are exploiting a previously unknown security hole in Microsoft Word that can be used to foist malicious code if users open a specially crafted text file, or merely preview the message in Microsoft Outlook.
0 kommentar(er)
