CVE-2023-21716 in Wordinfo

Summary

by MITRE • 02/14/2023

Microsoft Word Remote Code Execution Vulnerability

If you want to get best quality of vulnerability data, you may have to visit VulDB.

Analysis

by VulDB Data Team • 04/27/2025

Microsoft Word contains a remote code execution vulnerability that arises from improper handling of specially crafted RTF files during the parsing process. This vulnerability is categorized as a buffer overflow condition within the Rich Text Format parser, allowing attackers to execute arbitrary code on vulnerable systems. The flaw exists in how Word processes certain malformed RTF structures that trigger memory corruption, potentially enabling privilege escalation when exploited successfully. The vulnerability affects Microsoft Word versions including Office 2016, Office 2019, Office 2021, and Microsoft 365, with the most significant impact occurring when users open malicious RTF files through the application's default file handling behavior.

The technical implementation of this vulnerability stems from inadequate input validation within the RTF parsing engine, which fails to properly sanitize or limit the size of memory allocations when processing nested or malformed RTF elements. When Word encounters specific sequences of RTF control words and parameters, the parser attempts to allocate memory without sufficient bounds checking, leading to stack or heap corruption. This memory corruption can be leveraged to overwrite critical program execution pointers or inject malicious code into the application's memory space. The vulnerability is particularly dangerous because RTF files are commonly used in email attachments and web downloads, making user interaction with malicious files a realistic attack vector.

The operational impact of this vulnerability extends beyond simple remote code execution, as successful exploitation can result in complete system compromise. Attackers can leverage this vulnerability to install backdoors, steal sensitive data, or establish persistent access to compromised systems. The attack surface is broad since RTF files are frequently encountered in legitimate business communications, making social engineering attacks particularly effective. Organizations using Microsoft Word in their environments face significant risk, especially those without proper email filtering or endpoint protection measures in place. The vulnerability's exploitation typically requires user interaction, but automated delivery mechanisms can reduce the attack complexity.

Mitigation strategies for this vulnerability include immediate deployment of Microsoft security updates that address the RTF parsing flaws and implementation of email filtering solutions that block suspicious RTF attachments. Network administrators should consider disabling RTF file handling in email clients and implementing application whitelisting policies to restrict Word execution. Additional protective measures involve regular security awareness training for users to recognize potentially malicious email attachments and establishing robust patch management procedures. The vulnerability aligns with CWE-121 and CWE-122 categories related to stack and heap-based buffer overflows, and its exploitation patterns correspond to ATT&CK techniques involving initial access through malicious attachments and privilege escalation through code execution. Organizations should also consider implementing network segmentation and monitoring for suspicious file access patterns to detect potential exploitation attempts.

Responsible

Microsoft

Reservation

12/13/2022

Disclosure

02/14/2023

Moderation

accepted

CPE

ready

Exploit

Download

EPSS

0.82302

KEV

no

Activities

very low

Sources

Do you want to use VulDB in your project?

Use the official API to access entries easily!