Word RTF RCE trigger via Outlook preview pane — zero-click when email is previewed. Apply February 2023 patches. As compensating control, disable RTF as an attachment type at the mail gateway and in Outlook preview settings via Group Policy.
A remote code execution vulnerability exists in Microsoft Word when parsing RTF files. An attacker could be exploited when users open a specially crafted RTF email preview in Outlook.
Exploit-DB.ai delivers real-time AI-triaged zero-day alerts directly to your inbox.
Activate Supernova →