Security Home > General Software

Malformed RTF Control Word Vulnerability

When you are using a program that calls the default viewer for a Rich Text Format (RTF) file that contains a specially malformed control word in the file header, the program may not work properly or may generate a general protection (GP) fault.


RTF files consist of text and control information. The control information is specified via directives called control words. The default RTF reader that ships as part of many Windows platforms has an unchecked buffer in the portion of the reader that parses control words. If an RTF file contains a specially-malformed control word, it could cause the application to crash.

Microsoft believes that this is a denial of service vulnerability only, and that there is no capability to use this vulnerability to run arbitrary code. The most serious risk from this vulnerability would result if a user had preview mode enabled on a mail program like Outlook, and received an email that exploited the vulnerability. Because preview mode causes the mail to be parsed without user assent, the mail program would continue to crash until a subsequent mail was received or the mail program was started with preview mode disabled.

Affected Products

  • Windwos 95, 98 and NT 4.0


Software patches are available from the following locations:

Further Details

Source: Microsoft Corporation

Reference: Microsoft Corporation

Updated: January 17, 2000

>> Recommended Download - secure your PC from spyware, adware and malware now with Spyware Doctor <<