The researcher trimmed the proof-of-concept to 140 characters so that it would fit in a single tweet and reach as many administrators as possible.
Security researcher Joshua Drake has tweeted proof-of-concept exploit code for a critical remote code execution (RCE) vulnerability in Microsoft Word.
The vulnerability, CVE-2023-21716, was patched in Microsoft's February 2023 updates. It requires no authentication: an attacker only needs to get the victim to open a malicious RTF file, for example one sent as an email attachment.
Drake discovered the bug in wwlib.dll, the core library of Word, and reported it to Microsoft in a detailed write-up.
According to Drake's report, the RTF parser in versions of Microsoft Word prior to the February 2023 update contained a heap corruption bug that could be triggered "when working with a font table (\fonttbl) containing an excessive number of fonts (\f###)".
Once the corruption has been triggered, further heap operations follow, and an attacker who has arranged the heap layout in advance (heap grooming) can turn that corruption into arbitrary code execution on the victim's system.
The full proof-of-concept was only 10 lines of code including comments, but to make as many system administrators as possible take notice and patch vulnerable systems, Drake cut it down until it fit in a single tweet.
Other researchers have since published a tool on GitHub that detects attempts to exploit the vulnerability against unpatched systems.
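The trigger described above (an RTF font table with an excessive number of \fN entries) lends itself to a simple static check. The script below is an added example written for this article, not Drake's proof-of-concept and not the GitHub detection tool mentioned above. It extracts the first \fonttbl group with a brace-aware scan, counts the distinct font definitions in it, and flags documents that exceed a threshold. The threshold value (DEFAULT_MAX_FONTS) and the build_sample() helper that fabricates test documents are assumptions made for the example; the article does not state the exact count that triggers the bug.

```python
import re
import sys
from typing import Optional, Tuple

# Assumed threshold: ordinary documents define a handful of fonts, rarely more
# than a few hundred. The precise count that triggers CVE-2023-21716 is not
# given in the article, so tune this to taste.
DEFAULT_MAX_FONTS = 1000

# A font definition inside \fonttbl starts with \fN (digits immediately after \f).
# \fnil, \fcharset0, \fprq2 etc. do not match because a letter follows the f.
FONT_ENTRY_RE = re.compile(rb"\\f(\d+)")


def extract_fonttbl(data: bytes) -> Optional[bytes]:
    """Return the body of the first {\\fonttbl ...} group, honouring nested
    braces and backslash escapes, or None if there is no complete font table."""
    idx = data.find(b"\\fonttbl")
    if idx == -1:
        return None
    start = data.rfind(b"{", 0, idx)  # the brace that opened the fonttbl group
    if start == -1:
        return None
    depth = 0
    i = start
    while i < len(data):
        c = data[i:i + 1]
        if c == b"\\":
            i += 2  # skip \{ \} \\ or the first letter of a control word
            continue
        if c == b"{":
            depth += 1
        elif c == b"}":
            depth -= 1
            if depth == 0:
                return data[start + 1:i]
        i += 1
    return None  # unbalanced braces: no complete table


def count_font_entries(fonttbl: bytes) -> int:
    """Number of distinct \\fN font numbers defined in a font table body."""
    return len({int(n) for n in FONT_ENTRY_RE.findall(fonttbl)})


def scan_rtf(data: bytes, max_fonts: int = DEFAULT_MAX_FONTS) -> Tuple[str, int]:
    """Classify a document as 'not-rtf', 'no-fonttbl', 'ok' or 'suspicious',
    returning the verdict together with the font count that was observed."""
    if not data.lstrip().startswith(b"{\\rtf"):
        return "not-rtf", 0
    tbl = extract_fonttbl(data)
    if tbl is None:
        return "no-fonttbl", 0
    n = count_font_entries(tbl)
    return ("suspicious" if n > max_fonts else "ok"), n


def build_sample(n_fonts: int) -> bytes:
    """Constructed test input (not a real-world document): a minimal RTF file
    whose font table defines n_fonts fonts, used here to exercise the scanner."""
    entries = b"".join(b"{\\f%d\\fnil Arial;}" % i for i in range(n_fonts))
    return b"{\\rtf1\\ansi{\\fonttbl" + entries + b"}\\f0 Hello}"


if __name__ == "__main__":
    if len(sys.argv) > 1:
        for path in sys.argv[1:]:
            with open(path, "rb") as fh:
                verdict, n = scan_rtf(fh.read())
            print(f"{path}: {verdict} ({n} fonts)")
    else:
        # No file given: run the scanner over two constructed samples.
        for label, n in (("benign", 3), ("oversized", 40000)):
            verdict, count = scan_rtf(build_sample(n))
            print(f"{label} sample: {verdict} ({count} fonts)")
```

Run it as `python rtf_fonttbl_check.py suspicious.rtf` to scan files, or with no arguments to see it classify the two constructed samples. A high font count is a heuristic, not proof of exploitation: the definitive fix is applying the February 2023 Office update, and a scanner like this only helps triage attachments or mail-gateway quarantines on systems that are still unpatched.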