Proof-of-Concept released for critical Microsoft Word RCE bug

A PoC exploit for CVE-2023-21716, a critical RCE vulnerability in Microsoft Word that can be exploited when the user previews a specially crafted RTF document, is now publicly available.

Joshua Drake, a researcher, had reported the vulnerability to Microsoft along with a technical advisory and proof-of-concept (PoC) exploit code. The issue has been addressed in the February Patch Tuesday, so now the researcher made the advisory and the PoC available.

How Does the CVE-2023-21716 Vulnerability Work?

It is a heap corruption vulnerability in Microsoft Word’s RTF parser that, if triggered, allows attackers to achieve remote code execution with the privileges of the victim. The flaw does not require prior authentication: attackers can simply send a booby-trapped RTF file to the victim(s) via email.

There is additional processing after the memory corruption occurs, and a threat actor could exploit the CVE-2023-21716 vulnerability by using a specially crafted heap layout.

In the security advisory accompanying the patches, Microsoft confirmed the Preview Pane as an attack vector. Though patching vulnerable products is preferred, the company also offered guidance possible workarounds, which include:

• Configuring Microsoft Outlook to read all standard mail in plain text format
• Using Microsoft Office File Block policy to prevent Office from opening RTF documents from unknown or untrusted sources.

The following Microsoft products are affected by the CVE-2023-21716 vulnerability, and users are advised to patch their vulnerable products as soon as possible.

There is no evidence that the CVE-2023-21716 vulnerability is being actively exploited, and Microsoft believes that it is unlikely to be exploited.

Therefore, the safest way to address the vulnerability is to install the security update provided by Microsoft.

Follow Us on: Twitter, Instagram, Facebook to get the latest security news!