-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Reference: CERT-EU Security Advisory 2014-032

Title: Vulnerability in Microsoft Word could allow remote code execution

Version history:
11.03.2014 Initial publication

Summary
=======
There is a vulnerability affecting multiple versions of Microsoft Word.
At this time, we are aware of limited, targeted attacks directed at
Microsoft Word 2010. The vulnerability could allow remote code execution
if a user opens a specially crafted RTF file using an affected version
of Microsoft Word, or previews or opens a specially crafted RTF email
message in Microsoft Outlook while using Microsoft Word as the email
viewer. An attacker who successfully exploited the vulnerability could
gain the same user rights as the current user. Customers whose accounts
are configured to have fewer user rights on the system could be less
impacted than those who operate with administrative user rights.

The vulnerability is a remote code execution vulnerability. The issue is
caused when Microsoft Word parses specially crafted RTF-formatted data,
corrupting system memory in such a way that an attacker could execute
arbitrary code. The vulnerability could be exploited
through Microsoft Outlook only when using Microsoft Word as the email
viewer. Note that by default, Microsoft Word is the email reader in
Microsoft Outlook 2007, Microsoft Outlook 2010, and Microsoft Outlook 2013.

CVE-2014-1761

Vulnerable systems
==================
Microsoft Word 2003
Microsoft Word 2007
Microsoft Word 2010
Microsoft Word 2013

What can you do?
================
Applying the Microsoft Fix it solution, "Disable opening RTF content in
Microsoft Word," prevents the exploitation of this issue through
Microsoft Word. [3]

Deploy the Enhanced Mitigation Experience Toolkit (EMET). EMET helps
mitigate the exploitation of this vulnerability by adding additional
protection layers that make the vulnerability harder to exploit. EMET 4.1, in the
recommended configuration, is automatically configured to help protect
affected software installed on your system. No additional steps are
required. [4]
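
A complementary mail-gateway check while the mitigations above are being rolled out, given as an added example (not part of the CERT-EU advisory or of any Microsoft tooling): it holds MIME parts that are RTF by content rather than by file name, and TNEF parts, which can carry Outlook rich-text bodies. The function names, the TNEF content types checked and the sample message are assumptions constructed for illustration.

```python
import email
from email import policy
from email.message import EmailMessage

RTF_PREFIX = b"{\\rt"  # looser than the spec's "{\rtf1" so odd headers still match
TNEF_TYPES = {"application/ms-tnef", "application/vnd.ms-tnef"}

def is_rtf(data: bytes) -> bool:
    """True if the bytes are RTF by content, whatever the file name claims."""
    head = data[:64].lstrip(b"\xef\xbb\xbf").lstrip()  # skip BOM and whitespace
    return head.startswith(RTF_PREFIX)

def triage(raw: bytes) -> list:
    """Return (name, content type, reason) for every MIME part to hold."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    held = []
    for part in msg.walk():
        if part.is_multipart():
            continue
        ctype = part.get_content_type()
        name = part.get_filename() or "(body)"
        if ctype in TNEF_TYPES:
            # Outlook rich-text bodies travel inside TNEF; decode before release.
            held.append((name, ctype, "TNEF container, may carry an RTF body"))
        elif is_rtf(part.get_payload(decode=True) or b""):
            held.append((name, ctype, "RTF content"))
    return held

def build_sample() -> bytes:
    """Constructed test message: one RTF named .doc, one PDF, one TNEF part."""
    msg = EmailMessage()
    msg["Subject"] = "constructed sample"
    msg.set_content("Quarterly figures attached.")
    msg.add_attachment(b"{\\rtf1\\ansi sample}", maintype="application",
                       subtype="msword", filename="report.doc")
    msg.add_attachment(b"%PDF-1.4 sample", maintype="application",
                       subtype="pdf", filename="notes.pdf")
    msg.add_attachment(b"\x78\x9f\x3e\x22 sample", maintype="application",
                       subtype="ms-tnef", filename="winmail.dat")
    return msg.as_bytes()

if __name__ == "__main__":
    for name, ctype, reason in triage(build_sample()):
        print(f"HOLD {name} ({ctype}): {reason}")
```

The check does not decode TNEF or scan inside archives, so held TNEF parts still need a TNEF-aware decoder before a release decision.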

More information
================
[1] https://support.microsoft.com/kb/2953095
[2] https://technet.microsoft.com/security/advisory/2953095
[3] https://go.microsoft.com/?linkid=9845258
[4] https://support.microsoft.com/kb/2458544

Best regards,
CERT-EU Team (http://cert.europa.eu)
Phone: +32.2.2990005 / e-mail: cert-eu@ec.europa.eu
PGP KeyID 0x46AC4383
FP: 9011 6BE9 D642 DD93 8348 DAFA 27A4 06CA 46AC 4383
Privacy Statement:
http://cert.europa.eu/cert/plainedition/en/cert_privacy.html

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
-----END PGP SIGNATURE-----