McAfee security researchers are warning of a new zero-day vulnerability in Microsoft Word being exploited via attached .rtf files since at least January.
The vulnerability is triggered when a victim opens a booby-trapped Word document, which downloads a malicious HTML application (HTA) from a server. The HTML application is disguised to look like a Rich Text document file, which serves as a decoy. Meanwhile, the HTML application downloads and runs a malicious script that can be used to stealthily install malware.
Researchers at McAfee said that because the HTML application is executable, the attacker can run code on the affected computer while evading memory-based mitigations designed to prevent these kinds of attacks.
Security firm FireEye also noted similar malicious .rtf files in its own alert. Both firms say the flaws are within Microsoft’s Object Linking and Embedding (OLE) technology and affect all versions of Office, including Office 2016 for Windows 10.
Once you double-click the .rtf file and the HTA executes, the attacker will have full access to the victim’s machine.
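
A defender-side triage sketch for the attachments described above, added here as an example and not taken from McAfee, FireEye or Microsoft: it flags RTF files that carry OLE objects and ranks linked objects higher, since the article describes the document fetching content from a server. The choice of RTF control words (`\object`, `\objlink`, `\objautlink`, `\objupdate`), the function name and the sample byte strings are assumptions; the article does not name specific markers.

```python
import re

# OLE-related control words from the RTF specification (assumed markers;
# the article itself does not list any).
CONTROL_WORD = re.compile(
    rb'\\(object|objemb|objlink|objautlink|objupdate|objdata)(?![a-z])'
)

def triage_rtf(data: bytes) -> dict:
    """Classify a file by the OLE object control words it contains."""
    # Word accepts a truncated "{\rt" header, so the magic check is lenient.
    if not data.lstrip().startswith(b'{\\rt'):
        return {"is_rtf": False, "verdict": "not-rtf", "words": {}}
    words = {}
    for match in CONTROL_WORD.finditer(data):
        name = match.group(1).decode()
        words[name] = words.get(name, 0) + 1
    linked = "objlink" in words or "objautlink" in words
    if linked and "objupdate" in words:
        verdict = "linked-object-auto-update"   # refreshes without a prompt
    elif linked:
        verdict = "linked-object"               # points at external content
    elif "object" in words:
        verdict = "embedded-object"             # payload travels in the file
    else:
        verdict = "no-objects"
    return {"is_rtf": True, "verdict": verdict, "words": words}

# Constructed samples (not real attachments).
SAMPLES = {
    "plain.rtf": rb'{\rtf1\ansi Hello world}',
    "embedded.rtf": rb'{\rtf1{\object\objemb{\*\objdata 0105}}}',
    "linked.rtf": rb'{\rtf1{\object\objautlink\objupdate'
                  rb'{\*\objclass Word.Document.8}{\*\objdata 0105}}}',
    "archive.doc": b'PK\x03\x04 not an RTF file',
}

if __name__ == "__main__":
    for name, blob in SAMPLES.items():
        result = triage_rtf(blob)
        print(f"{name:14} {result['verdict']:28} {result['words']}")
```

RTF control words can be obfuscated, so a `no-objects` result means only that this simple scan found nothing.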