Protect Your Assets
Showing results for 
Search instead for 
Do you mean 

Proactive zero-day coverage from HP TippingPoint: CVE-2014-1761

MarthaAviles ‎04-09-2014 08:43 AM - edited ‎09-25-2015 08:25 AM

Recently, Microsoft released details of a critical zero-day vulnerability (CVE-2014-1761) that is being actively exploited in the wild. The exploit leverages a flaw in specially crafted RTF documents to exploit users of Microsoft Word. The vulnerability can additionally be triggered by opening the malicious document in Outlook or simply previewing the attachment via the Outlook Word email viewer.

 

If successfully exploited, this vulnerability can result in full remote code execution in the privilege context of the user running the affected process. 

 

The temporary workaround from Microsoft has been to “Disable opening RTF content in Microsoft Word.”  While this is not a true patch or long term solution, customers of HP TippingPoint can breathe easy; HP TippingPoint has been providing proactive coverage for this vulnerability in the form of DV filter 12683 which has been shipping in the default recommended deployment since December of 2012, approximately 16 months prior to Microsoft’s announcement.

 

Click here to see a more in-depth analysis of this vulnerability.

 

Learn more about HP TippingPoint and other security products.

0 Kudos
About the Author

MarthaAviles

Events
Aug 29 - Sep 1
Boston, MA
HPE Big Data Conference 2016
Attend HPE’s Big Data Conference on August 29 - September 1, 2016 to learn from peers in every industry and hear from Big Data experts and thought lea...
Read more
Sep 13-16
National Harbor, MD
HPE Protect 2016
Protect 2016 is our annual conference on September 13 - 16, 2016, and is the place to meet the world’s top information security talent, discuss new pr...
Read more
View all