Full title: MS14-017 Microsoft Word RTF Object Confusion Exploit 
Category: local exploits
Platform: windows
This Metasploit module creates a malicious RTF file that when opened in vulnerable versions of Microsoft Word will lead to code execution. The flaw exists in how a listoverridecount field can be modified to treat one structure as another. This bug was originally seen being exploited in the wild starting in April 2014. This Metasploit module was created by reversing a public malware sample.

# 0day.today @ http://0day.today/