Attackers are exploiting an unpatched vulnerability in Word 2010, according to Microsoft Corp.
The company released an automated tool yesterday that will help protect users of the software until a patch can be issued.
Three members of Google Inc.’s security team reported the Word flaw to Microsoft, according to the software maker’s security bulletin.
“An attacker could cause remote code execution if someone was convinced to open a specially-crafted Rich Text Format (RTF) file or a specially-crafted mail in Microsoft Outlook while using Microsoft Word as the email viewer,” Dustin Childs, group manager for Microsoft’s Trustworthy Computing group, wrote in a blog post yesterday.
So far, attacks appear to be aimed at Word 2010. However, the bulletin said that affected software also includes Word 2003, Word 2007, Word 2013, the Office for Mac 2011 version of Word and Word 2013 RT for the Windows RT tablet OS.
Since Word is the default editor for Outlook 2007, Outlook 2010 and Outlook 2013 on Windows, attackers can use the flaw to get potential victims to open or preview a malformed message.
Cyber criminals can also carry out drive-by attacks that use the vulnerability in Word’s RTF parsing.