Security Advisory - March 25, 2014

Zscaler Protects Against Vulnerabilities in Microsoft Word RTF Remote Code Execution

Zscaler, working with Microsoft through the MAPPs program, has proactively deployed protections for the following vulnerability included in the March 25, 2014 Microsoft Security Advisory 2953095.  Zscaler will continue to monitor exploits associated with these vulnerabilities and release and deploy additional protections as necessary.

MSA-2953095 - Vulnerability in Microsoft Word Could Allow Remote Code Execution

Severity: Critical
Affected Software

  • Microsoft Word 2003
  • Microsoft Word 2007
  • Microsoft Word 2010
  • Microsoft Word 2013
  • Microsoft Word Viewer
  • Microsoft Office for Mac 2011

CVE-2014-1761 – Vulnerability in Microsoft Word Could Allow Remote Code Execution

Description: A remote code execution vulnerability exists in the way MS Word handles specifically crafted Rich Text Format (RTF) documents. The vulnerability lies in the handling of the 'listoverridecount' control word. Word fails to correctly validate the value of the integer parameter passed with this control word. This leads to memory being referenced later on that can be leveraged to gain control over execution. This vulnerability may be exploited by tricking a user into opening a malicious Microsoft Office Document. Successful exploitation can lead to remote code execution under the credentials of the currently logged in user.