RTF Control


    - Microsoft Windows 95
    - Microsoft Windows 98
    - Microsoft Windows 98 Second Edition
    - Microsoft Windows NT 4.0 Workstation
    - Microsoft Windows NT 4.0 Server
    - Microsoft Windows NT 4.0 Server, Enterprise Edition
    - Microsoft Windows NT 4.0 Server, Terminal Server Edition


    Following is based on Security  Bulletin from the Microsoft.   RTF
    files  consist  of  text  and  control  information.  The  control
    information is specified via directives called control words.  The
    default RTF reader  that ships as  part of many  Windows platforms
    has an unchecked buffer in the portion of the reader that   parses
    control  words.  If  an  RTF  file  contains a specially-malformed
    control word, it could cause the application to crash.

    Microsoft believes that this is a denial of service  vulnerability
    only, and that there is  no capability to use this   vulnerability
    to  run  arbitrary  code.    The  most  serious  risk  from   this
    vulnerability would result if a user had preview mode  enabled  on
    a mail program like Outlook, and received an email that  exploited
    the vulnerability.   Because preview mode  causes  the  mail to be
    parsed without  user assent,  the mail  program would  continue to
    crash until a  subsequent mail was  received or   the mail program
    was started with preview mode disabled.


    Windows  2000  is  not  affected  by  this  vulnerability.   Patch

      - Windows 95:
      - Window 98:
      - Windows NT 4.0 Workstation, Windows NT 4.0 Server, and Windows NT 4.0 Server, Enterprise Edition:
      - Windows NT 4.0 Server, Terminal Server Edition:
        To be released shortly.

    The Windows 95 and 98 versions of the patch will also be available
    via WindowsUpdate shortly. When this happens, we  will modify  the
    bulletin to note this fact.