Kevin BeaumontKeep an eye on CVE-2023-21716 aka MS Word vulnerability from February 2023 in RTF files.
There's a public proof of concept: https://qoop.org/publications/cve-2023-21716-rtf-fonttbl.md
Where it gets more interesting - you can embed RTF files in email, Microsoft Outlook renders them with no clicks, by just reading the email. There's a decent chance this could become problematic combination.. although not yet as the PoC is vague enough to require a clue to exploit. HT @fellows
Andrzej Stamburski