Tweet

A stack-based buffer overflow vulnerability in Microsoft Office was recently discovered to have been actively exploited in the wild. Trend Micro now detects the exploit .RTF files as TROJ_ARTIEF.SM.

The malicious .RTF files have shell codes designed to overflow the stack and to cause Microsoft Word to crash. As a result, malicious users can execute arbitrary commands on an affected system.

From the screenshot above, we can see that the malware employed a (NOP) sled to overflow the buffer and to execute codes in the context of Microsoft Word. The malware we encountered dropped another malicious file detected as TROJ_INJECT.ART.

One of the more serious concerns is that a malicious user could send an RTF email to target users. Since Microsoft Outlook uses Word to handle email messages, the mere act of opening or viewing specially crafted messages in the reading pane may cause the exploit code to execute.

Microsoft already released an update to address the said vulnerability. Users are strongly advised to download and install the patch, which can be found in the official bulletin MS10-087. This was issued as part of November’s Patch Tuesday.