Intrusion Prevention

Obfuscated.Rich.Text.Format

Description

This indicates an attempt to download an obfuscated Rich Text Format file.
This signature detects obfuscated RTF files. RTF exploits can be and are often highly obfuscated. An attacker can launch exploits by tricking an unsuspecting user into opening a malicious RTF file and execute arbitrary code within the context of the application, via a crafted RTF file.

Affected Products

Microsoft Office
RTF compatible document processor

Impact

System Compromise: Remote attackers can gain control of vulnerable system.

Recommended Actions

Update to the latest version from the vendor.

CVE References

CVE-2018-0802