Fortinet Discovers Microsoft Word RTF File Handling Memory Corruption Vulnerability
Fortinet's FortiGuard Labs has discovered a Memory Corruption vulnerability in Microsoft Word.
Microsoft Word is a word processor developed by Microsoft and it is one of the components of Microsoft Office suites.
The Memory Corruption vulnerability exists because Microsoft Word improperly handles a specially crafted Rich Text File (RTF) document with invalid drawing objects (shapes). It could result in out-of-bound read in corrupted memory of the vulnerable Microsoft Word. As a result, the said RTF document could lead to arbitrary code execution upon successful exploitation.
SolutionsFortiGuard Labs released the following FortiGate IPS signature which covers this specific vulnerability:
Released Nov 09, 2017
Users should apply the solution provided by Microsoft.
Fortinet reported the vulnerability to Microsoft on September 7, 2017.
Microsoft patched the vulnerability on November 14, 2017.