Intrusion PreventionObfuscated.Rich.Text.Format
Description
This indicates an attempt to download an obfuscated Rich Text Format file.
This signature detects obfuscated RTF files. RTF exploits can be and are often highly obfuscated. An attacker can launch exploits by tricking an unsuspecting user into opening a malicious RTF file and execute arbitrary code within the context of the application, via a crafted RTF file.
Affected Products
Microsoft Office
RTF compatible document processor
Impact
System Compromise: Remote attackers can gain control of vulnerable system.
Recommended Actions
Update to the latest version from the vendor.
Telemetry
Coverage
| IPS (Regular DB) | |
| IPS (Extended DB) |
Version Updates
| Date | Version | Detail |
|---|---|---|
| 2021-10-25 | 18.184 | Modified |
| 2021-10-18 | 18.180 | Sig Added |
| 2020-09-21 | 16.928 | Modified |
| 2020-06-23 | 15.870 | Sig Added |
| 2020-05-21 | 15.848 | Sig Added |
| 2020-04-28 | 15.829 | Sig Added |
| 2020-04-22 | 15.826 | Sig Added |
| 2020-03-19 | 15.799 | Sig Added |
| 2020-03-17 | 15.797 | Sig Added |
| 2020-01-08 | 15.754 | Sig Added |
| ID | 44766 |
| Created | Nov 07, 2017 |
| Updated | Jul 31, 2023 |
| Risk |
|
| CVE ID | CVE-2018-0802 |
| Known Exploited | Yes |
| Exploit Prediction Score | 96.97% |
| Default Action | drop |
| Active | |
| Affected OS | Windows |
| Affected App | MS_Office |