Zscaler, working with Microsoft through the MAPPs program, has proactively deployed protections for the following vulnerability included in the March 25, 2014 Microsoft Security Advisory 2953095. Zscaler will continue to monitor exploits associated with these vulnerabilities and release and deploy additional protections as necessary.
MSA-2953095 - Vulnerability in Microsoft Word Could Allow Remote Code Execution
CVE-2014-1761 – Vulnerability in Microsoft Word Could Allow Remote Code Execution
Description: A remote code execution vulnerability exists in the way MS Word handles specifically crafted Rich Text Format (RTF) documents. The vulnerability lies in the handling of the 'listoverridecount' control word. Word fails to correctly validate the value of the integer parameter passed with this control word. This leads to memory being referenced later on that can be leveraged to gain control over execution. This vulnerability may be exploited by tricking a user into opening a malicious Microsoft Office Document. Successful exploitation can lead to remote code execution under the credentials of the currently logged in user.