Microsoft vulnerability, now served with plain text files

It is the year 2011 and we learn that even opening plain text files in Microsoft Windows is not as safe as you thought.

The vulnerability could allow remote code execution if a user opens a legitimate rich text format file (.rtf), text file (.txt), or Word document (.doc) that is located in the same network directory as a specially crafted dynamic link library (DLL) file. An attacker who successfully exploited this vulnerability could gain the same user rights as the local user.

You’ve got all your buzz words here: remote code execution; legitimate rich text, text, or Word document; network directory; local user rights, etc.  It’s good to know that it’s fixed.  Yet it’s still worrying as to what else is there …

Leave a Reply