Malformed RTF Control Word Vulnerability
When you are using a program that calls the default viewer for a Rich Text Format (RTF) file that contains a specially malformed control word in the file header, the program may not work properly or may generate a general protection (GP) fault.
RTF files consist of text and control information. The control information is specified via directives called control words. The default RTF reader that ships as part of many Windows platforms has an unchecked buffer in the portion of the reader that parses control words. If an RTF file contains a specially-malformed control word, it could cause the application to crash.
Microsoft believes that this is a denial of service vulnerability only, and that there is no capability to use this vulnerability to run arbitrary code. The most serious risk from this vulnerability would result if a user had preview mode enabled on a mail program like Outlook, and received an email that exploited the vulnerability. Because preview mode causes the mail to be parsed without user assent, the mail program would continue to crash until a subsequent mail was received or the mail program was started with preview mode disabled.
- Windwos 95, 98 and NT 4.0
Software patches are available from the following locations:
- Windows 95: http://www.microsoft.com/windows95/downloads/contents/
- Window 98: http://www.microsoft.com/windows98/downloads/contents/
- Windows NT 4.0 Workstation, Windows NT 4.0 Server, and Windows NT 4.0 Server, Enterprise Edition:
Source: Microsoft Corporation
Reference: Microsoft Corporation
Updated: January 17, 2000
>> Recommended Download - secure your PC from spyware, adware and malware now with Spyware Doctor <<
|More Guides »||Registry Guide||Support Forums||Software Guide||Scripting Guide||Search|