Number:IRCNE2014032141
Date: 2014-03-28
According to “zdnet”, microsoft has updated their recent security advisory for Microsoft Word to indicate that Windows WordPad is not vulnerable to the same issue. Accordingly it can be used as a safe workaround for reading and editing RTF documents.
The vulnerability is a remote code execution vulnerability which allows an attacker to gain control of the system when a user opens a malicious RTF file in Microsoft Word. All versions of Microsoft Word are vulnerable to the attack. Microsoft had also announced that they "...are aware of limited, targeted attacks directed at Microsoft Word 2010." They have not announced when a fix will be released for the vulnerability or if it will be on a regularly-scheduled Patch Tuesday or "out of band".
WordPad uses RTF files as its default format. Windows 7 and 8 users can open RTF documents in WordPad and save them in Word's native .DOCX format. WordPad calls these "Office Open XML Document[s]". Files saved by Word as RTF do not present a problem with respect to this vulnerability.
Microsoft had also released a "Fix it" which disables support for RTF files. Until a fix is available, Windows users can change the default handler for RTF files to WordPad.
- 6