Kevin BeaumontMar 6, 2023

Keep an eye on CVE-2023-21716 aka MS Word vulnerability from February 2023 in RTF files.

There's a public proof of concept: https://qoop.org/publications/cve-2023-21716-rtf-fonttbl.md

Where it gets more interesting - you can embed RTF files in email, Microsoft Outlook renders them with no clicks, by just reading the email. There's a decent chance this could become problematic combination.. although not yet as the PoC is vague enough to require a clue to exploit. HT @fellows

#CVE202321716

Show threadKevin BeaumontMar 6, 2023
Good luck anybody enabling this mitigation in a corporate environment, lmao.
Show threadKevin BeaumontMar 7, 2023

I've been keeping an eye on #CVE202321716 (the MS Word RTF vuln) via #GossiMonitoring

The headline is, people are starting to experiment with it.

Show threadKevin BeaumontMar 8, 2023

Interestingly, the way to embed RTF into email so it directly renders in Outlook appears to be undocumented online.

Either my Google-fu is bad or nobody has actually documented it - you can still do it and Exchange Server still passes it inbound, they only filtered outbound.

I’m not documenting it btw.

Show threadDuncanWatson
@GossiTheDog I used to do this when I used emacs as my email client and controlled my MTA as well
Mar 8, 2023 at 6:35pmWeb