ExtremeHacking
Today : | Time : | safemode : ON
> / Main Website / Cyber Surakha Abhiyan / Hackers Charity / Linkedin / facebook / twitter /
Name Author Perms Com Modified Label

Warning!! Microsoft Word Zero-Day Vulnerability is being exploited in the Wild Unknown rwxr-xr-x 0 3/25/2014

Filename Warning!! Microsoft Word Zero-Day Vulnerability is being exploited in the Wild
Permission rw-r--r--
Author Unknown
Date and Time 3/25/2014
Label
Action
Ethical Hacking Institute in Pune
./Arizona Team

Microsoft warned about a zero-day vulnerability in Microsoft Word that is being actively exploited in targeted attacks and discovered by the Google security team. “At this time, we are aware of limited, targeted attacks directed at Microsoft Word 2010…” company said.

























According to Microsoft's security advisory, Microsoft Word is vulnerable to  a remote code execution vulnerability (CVE-2014-1761) that can be exploited by a specially crafted Rich Text Format (RTF).

An Attacker can simply infect the victim's system with malware if a user opens a malicious Rich Text Format (RTF), or merely preview the message in Microsoft Outlook.

"The issue is caused when Microsoft Word parses specially crafted RTF-formatted data causing system memory to become corrupted in such a way that an attacker could execute arbitrary code."

Microsoft acknowledged that remote code execution flaw also exists in Microsoft Word 2003, 2007, 2013, Word Viewer and Office for Mac 2011.
Microsoft is working on an official patch, which will be released with the next Patch Tuesday security updates on April 8.

But in the meantime, Windows users can use temporary 'Fix It' tool to patch this vulnerability and also can install Enhanced Mitigation Experience Toolkit (EMET) tool that can mitigate this vulnerability.

Do not download .RTF files from the suspicious websites, and do not open or preview .RTF email attachments from strangers.


www.arizonainfotech.com
CEH CHFI ECSA ENSA CCNA CCNA SECURITY MCITP RHCE CHECKPOINT ASA FIREWALL VMWARE CLOUD ANDROID IPHONE NETWORKING HARDWARE TRAINING INSTITUTE IN PUNE, Certified Ethical Hacking, IT Security Training Information Security Traning Courses in Pune, ceh certification in pune, Ethical Hacking Course in Pune
 

Cyber Suraksha Abhiyan | Sadik Shaikh © 2015 Sadik Shaikh | CEH V9 | ETHICAL HACKING Course Training Institute in India-Pune
Extreme Hacking Template design by Sadik Shaikh | Cyber Suraksha Abhiyan