University of California, Riverside


RTF Vulnerability Security Advisory

Microsoft Word and the RTF Vulnerability Security Advisory

As of Tuesday, April 8th, a security update resolves the remote code execution vulnerability. The update closes a flaw that left MS Word and MS Outlook open to attack when a user opened an RTF attachment or email message.

Most computers will have updated automatically. If you are not sure whether the update was installed, you can check and, if needed, download and run the update yourself.

A chart of Affected and Non-Affected Software can be found on this Microsoft Security Bulletin.

  1. Scroll to the Affected and Non-Affected Software chart.
  2. Find your software and click on the corresponding component link.
    If you need help finding what version of Microsoft Office you run, please use these steps.
    1. Open Word -> File -> Help
    2. Under "About Microsoft Word", it should show the version and whether it is 32-bit or 64-bit.
    3. Click on "Additional Version and Copyright Information". At the top, it should display what service pack you are running (SP1, SP2, etc.)
  3. Click on "Download"
  4. Once downloaded, run the file.

Mac Users Workaround

While Mac users have not been targeted at this time, it is possible that a vulnerability could occur. Below are some precautionary steps a Mac user can take to protect themselves.

Set the default application for opening RTF files to be something other than Word 2011.

  1. In the Finder, select, but do NOT open, an RTF file
  2. From the File Menu, select 'Get Info'
  3. In the window that appears, go to the section that reads "Open With:" and click the disclosure triangle next to it, if necessary, to display a drop-down menu
  4. From the drop-down menu shown, choose an application other than Microsoft Word, such as Pages or TextEdit (if it already displays TextEdit as the default, you are already set correctly and can skip step 5)
  5. Click the "Change All..." button to apply this change to all RTF files, then close the Get Info window


If you have any questions, please call the C&C HelpDesk at x23555 or email them to

More Information about the RTF vulnerability

Microsoft explains the exploit may "allow remote code execution if a user opens a specially crafted RTF file using an affected version of Microsoft Word, or previews or opens a specially crafted RTF email message in Microsoft Outlook while using Microsoft Word as the email viewer."

Although most versions of Word are at risk, the active exploits seem to be targeting Word 2010. Currently, Microsoft has not released a security fix, but there is a tool available for Windows users and some steps for Mac users.
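
Because the flaw is triggered by RTF content in an attachment or email message, a mail administrator may want to flag such parts before they reach Word. The script below is an added example, not part of the original advisory or of Microsoft's guidance; its function names and sample message are constructed for illustration. It checks the leading bytes as well as the file name because RTF content can arrive under another extension such as .doc.

```python
import email
from email import policy
from email.message import EmailMessage

# RTF files start with "{\rtf"; matching the shorter "{\rt" is a deliberately loose check.
RTF_MAGIC = b"{\\rt"
RTF_TYPES = ("application/rtf", "text/rtf")


def find_rtf_parts(raw_message: bytes):
    """Return (name, declared_type, reason) for each message part that is RTF."""
    msg = email.message_from_bytes(raw_message, policy=policy.default)
    hits = []
    for part in msg.walk():
        if part.is_multipart():
            continue  # containers carry no content of their own
        payload = part.get_payload(decode=True) or b""
        name = part.get_filename() or "(message body)"
        ctype = part.get_content_type()
        by_content = payload.lstrip()[:4] == RTF_MAGIC
        by_label = ctype in RTF_TYPES or name.lower().endswith(".rtf")
        if by_content or by_label:
            hits.append((name, ctype, "content" if by_content else "label-only"))
    return hits


def build_sample() -> bytes:
    """Constructed, harmless test message: one RTF file is named .doc."""
    msg = EmailMessage()
    msg["Subject"] = "Constructed sample"
    msg["From"] = "sender@example.com"
    msg["To"] = "user@example.com"
    msg.set_content("See attached.")
    rtf = b"{\\rtf1\\ansi Constructed harmless RTF text.}"
    msg.add_attachment(rtf, maintype="application", subtype="msword",
                       filename="agenda.doc")
    msg.add_attachment(rtf, maintype="application", subtype="rtf",
                       filename="notes.rtf")
    msg.add_attachment("plain text", filename="readme.txt")
    return msg.as_bytes()


if __name__ == "__main__":
    for name, ctype, reason in find_rtf_parts(build_sample()):
        print(f"RTF part: {name} (declared {ctype}, matched by {reason})")
```

A file-association change keyed on the .rtf extension would not cover the attachment named agenda.doc in this sample, which is why the content check matters.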

Original Microsoft Tech Bulletin -
Includes the details on the vulnerability and the affected software for Windows users.

Microsoft Security Bulletin Update -
Regarding the security update due to the code execution vulnerability.
