MS Word vulnerability

M

MacInWin

Guest
I read this advisory from MS about Word, but the fixes all seem to apply only to Windows. Yet in the text, they say the vulnerability is present in Office for Mac 2011. There isn't a patch yet, but the workarounds all seem to apply only to Windows. Is there a risk or not?
 

chscag

Well-known member
Staff member
Admin
Joined
Jan 23, 2008
Messages
65,248
Reaction score
1,833
Points
113
Location
Keller, Texas
Your Mac's Specs
2017 27" iMac, 10.5" iPad Pro, iPhone 8, iPhone 11, iPhone 12 Mini, Numerous iPods, Monterey
Interesting advisory Jake. But note quote below:

The vulnerability is a remote code execution vulnerability. The issue is caused when Microsoft Word parses specially crafted RTF-formatted data causing system memory to become corrupted in such a way that an attacker could execute arbitrary code. The vulnerability could be exploited through Microsoft Outlook only when using Microsoft Word as the email viewer. Note that by default, Microsoft Word is the email reader in Microsoft Outlook 2007, Microsoft Outlook 2010, and Microsoft Outlook 2013.

I'm not sure Word is the default email reader for Mac Office Outlook. Do you know if it is? I don't use Outlook although I have a copy that came with my version of Office 2011.
 
OP
M

MacInWin

Guest
Well, from the article, I think you could come under attack from an email with an attachment of .rtf format that you simply save and open with Word, even if Word is not the default email reader and even if you don't use Outlook. But given that it is an executable, and that the OS is not Windows, I don't think it was clear if there was a threat to Macs at all. The one confusing point was the specific inclusion of Word for Mac in the list of affected packages. Normally I ignore these kinds of warnings. I think I'll do that for this one, too.
 
Joined
Nov 28, 2007
Messages
25,564
Reaction score
486
Points
83
Location
Blue Mountains NSW Australia
Your Mac's Specs
Silver M1 iMac 512/16/8/8 macOS 11.6
Microsoft seem to be doing it tough - adverse criticism re XP left behind, Microsoft Security Essentials not recommended by a Company Vice President and now this. Like you Charlie I do not use Outlook, nor like it.
 

Shop Amazon


Shop for your Apple, Mac, iPhone and other computer products on Amazon.
We are a participant in the Amazon Services LLC Associates Program, an affiliate program designed to provide a means for us to earn fees by linking to Amazon and affiliated sites.
Top