Micropatches for Microsoft Word Remote Code Execution (CVE-2023-21716)
Malware Analysis, News and Indicators - Latest topics malware.news
February 2023 Windows Updates brought a fix for CVE-2023-21716, a remote code execution vulnerability in Microsoft Word. The vulnerability was discovered and reported by security researcher Joshua J. Drake (Twitter, Mastodon), and subsequently published with a simple proof-of-concept.
The flaw is in Word's processing of an RTF file with an excessive number of font records, whereby a numeric operation with sign extension results in the code writing to an address outside the intended memory block. …
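A defender-side check for the condition described above, counting font records in an RTF font table and flagging documents that exceed a local limit. This is an added example, not code from the original post or from Microsoft; the function names and the default limit are assumptions, and the tokenizer is simplified (it does not skip `\bin` data).

```python
import re

# Simplified RTF tokens: control word with optional numeric parameter,
# control symbol (e.g. \{ or \\), or a group brace.
TOKEN = re.compile(r"\\([a-zA-Z]+)(-?\d+)? ?|\\[^a-zA-Z]|[{}]", re.S)

# Assumption: a local policy limit, not a value taken from the advisory.
DEFAULT_MAX_FONTS = 1000


def count_font_records(rtf: str) -> int:
    """Count \\fN font declarations that appear inside \\fonttbl groups."""
    depth = 0
    table_depth = None  # brace depth of the group holding \fonttbl
    count = 0
    for m in TOKEN.finditer(rtf):
        tok = m.group(0)
        if tok == "{":
            depth += 1
        elif tok == "}":
            if table_depth is not None and depth == table_depth:
                table_depth = None  # font table group has closed
            depth -= 1
        elif m.group(1) == "fonttbl":
            table_depth = depth
        elif table_depth is not None and m.group(1) == "f" and m.group(2):
            count += 1  # \f<number> inside the font table
    return count


def flag_excessive_fonts(rtf: str, max_fonts: int = DEFAULT_MAX_FONTS) -> bool:
    """True when the font table holds more records than the policy allows."""
    return count_font_records(rtf) > max_fonts


# Constructed sample inputs (not real documents).
BENIGN = r"{\rtf1{\fonttbl{\f0\froman Times;}{\f1\fswiss Arial;}}\f0\fs24 Hello}"
MANY = ("{\\rtf1{\\fonttbl"
        + "".join("{\\f%d\\fnil Font%d;}" % (i, i) for i in range(5))
        + "}}")

if __name__ == "__main__":
    for name, doc in (("benign", BENIGN), ("many", MANY)):
        # A tiny limit is used here only so the small sample trips the check.
        print(name, count_font_records(doc), flag_excessive_fonts(doc, max_fonts=3))
```
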