Apps Development and Hosting Platform | IT Company Australia

PoC for a major Microsoft Word RCE problem revealed

March 8, 2023

Over the weekend, a proof-of-concept for CVE-2023-21716, a severe vulnerability in Microsoft Word that permits remote code execution, was disclosed.

The vulnerability was given a severity score of 9.8 out of 10. Microsoft addressed it in the February Patch Tuesday security updates, along with a handful of workarounds.

The severity score is driven by the low attack complexity and by the fact that exploitation requires neither privileges nor user interaction.

Last year, security researcher Joshua Drake uncovered the vulnerability in Microsoft Office’s “wwlib.dll” and sent Microsoft a technical advisory with proof-of-concept (PoC) code demonstrating that the issue is exploitable.

A remote attacker can exploit the flaw to execute code with the same privileges as the victim who opens a malicious document in RTF format.

Delivering the malicious file to a target may be as simple as attaching it to an email, though there are several other options.

Microsoft warns that users do not even need to open a malicious RTF document: merely loading the file in the Preview Pane is enough to initiate the attack.

According to the researcher, the Microsoft Word RTF parser contains a heap corruption vulnerability that is triggered “when dealing with a font table (\fonttbl) containing an excessive number of fonts (\f###).”

After the memory corruption occurs, an attacker could exploit the problem by using a “well-constructed heap structure.”
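The font-table condition described above can be checked defensively before a document reaches Word. The following is an added example, not code from the article or the researcher: it counts the font entries declared in an RTF file's font table and flags documents that exceed a limit. The function names, the sample documents and the `MAX_FONTS` threshold are assumptions made for illustration; the article does not state a number.

```python
import re

# Assumption: illustrative limit, not a value from the article or the advisory.
MAX_FONTS = 1000

# An RTF control word: backslash, letters, optional signed numeric parameter.
_CW = re.compile(rb"\\([a-zA-Z]+)(-?\d+)?")

def font_table_stats(data: bytes):
    """Return (font_count, max_font_id) for the first font table group, or None."""
    start = data.find(b"{\\fonttbl")
    if start < 0:
        return None
    depth, i, ids = 0, start, []
    while i < len(data):
        c = data[i:i + 1]
        if c == b"{":
            depth += 1
        elif c == b"}":
            depth -= 1
            if depth == 0:          # end of the font table group
                break
        elif c == b"\\":
            m = _CW.match(data, i)
            if m is None:           # control symbol such as \{ \} \\ : skip it
                i += 2
                continue
            if m.group(1) == b"f" and m.group(2):
                ids.append(int(m.group(2)))   # a font declaration \fN
            i = m.end()
            continue
        i += 1
    # An unterminated group still returns what was counted so far.
    return len(ids), max(ids, default=-1)

def is_suspicious(data: bytes, max_fonts: int = MAX_FONTS) -> bool:
    """True when the font table declares more fonts than max_fonts."""
    stats = font_table_stats(data)
    return stats is not None and stats[0] > max_fonts

# Constructed sample documents (not taken from any real file).
BENIGN = (rb"{\rtf1\ansi{\fonttbl{\f0\fswiss Arial;}"
          rb"{\f1\froman Times New Roman;}}\f0\fs24 Hello \{world\}}")
FIVE_FONTS = (b"{\\rtf1{\\fonttbl"
              + b"".join(b"{\\f%d\\fnil F%d;}" % (n, n) for n in range(5))
              + b"}}")

if __name__ == "__main__":
    for name, doc in (("benign", BENIGN), ("five_fonts", FIVE_FONTS)):
        print(name, font_table_stats(doc), is_suspicious(doc, max_fonts=3))
```

A check like this fits a mail gateway or attachment-triage script; it only inspects the first font table group and does not replace installing the update.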

Tweet-sized PoC

The researcher’s PoC demonstrates the heap corruption vulnerability but stops short of running the Calculator app in Windows to demonstrate code execution.

There are no reports of the vulnerability being exploited, and Microsoft rates exploitation as “less likely.”

Threat actors are drawn to critical vulnerabilities like this one, and the more skilled ones attempt to reverse engineer the fix to discover a way to exploit it.

Once exploit code becomes available, a wider pool of attackers begins to exploit the vulnerability, because it takes less work to adapt a PoC than to create an exploit from scratch.

It is unknown whether the current PoC can be turned into a full-fledged exploit; it only indicates that exploitation is conceivable, without demonstrating it.

Moreover, remote code execution in Office 365 is highly sought after because it would facilitate widespread malware distribution.

A similar vulnerability in Microsoft Excel Equation Editor was patched, yet it is still used in certain campaigns today.

Workarounds might backfire

The vendor’s advisory for CVE-2023-21716 contains a complete list of Microsoft Office products affected by the issue.

Customers who cannot install the update can read emails in plain text format. However, this workaround is unlikely to be adopted because images and rich content are not displayed.

Another alternative is to enable the Microsoft Office File Block policy, which prevents Office apps from opening RTF files from unknown or untrusted sources.

This approach requires modifying the Windows Registry and comes with a warning: using Registry Editor incorrectly may cause serious problems that may require reinstalling the operating system.

Furthermore, if an “exempt directory” is not specified, users risk being unable to open any RTF document.

Even though a complete exploit is currently unavailable and only theoretical, applying the Microsoft security update is the safest way to address the problem.
