Security researchers from Trend Micro have spotted malicious RTF files in the wild, which exploit a known Microsoft Office vulnerability to infect users with a trojan.
RTF stands for Rich Text Format and is one of the oldest document formats. It is supported by all versions of Microsoft Word and WordPad.
The RTF-based exploit seen by Trend Micro targets a stack buffer overflow vulnerability affecting all supported Microsoft Office versions.
This remote code execution flaw, identified as CVE-2010-3333, was addressed in the MS10-087 security bulletin released by Microsoft on November 9.
If the flaw is exploited successfully, the malicious RTF files drop a trojan, which hides itself by using the name of an existing service.
The malware injects code into the svchost.exe process in order to contact a remote server, from which it receives instructions.