Notre sélection d'alertes et avis SSI.
Sources : US Cert, Cert EU, Cert FR, Cnil, VulDB.

jeudi 27 mars 2014

Vulnerability in Microsoft Word could allow remote code execution (CERT-EU Security Advisory 2014-032)

There is a vulnerability affecting multiple versions of Microsoft Word. At this time, we are aware of limited, targeted attacks directed at Microsoft Word 2010. The vulnerability could allow remote code execution if a user opens a specially crafted RTF file using an affected version of Microsoft Word, or previews or opens a specially crafted RTF email message in Microsoft Outlook while using Microsoft Word as the email viewer. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.

Lien vers l'article source

Auteur: Cert EU

Catégories: CertEUNombre de vues: 227

x

Événements SSI