Word RTF RCE trigger via Outlook preview pane — zero-click when email is previewed. Apply February 2023 patches. As compensating control, disable RTF as an attachment type at the mail gateway and in Outlook preview settings via Group Policy.
A remote code execution vulnerability exists in Microsoft Word when parsing RTF files. An attacker could be exploited when users open a specially crafted RTF email preview in Outlook.
Supernova subscribers receive AI-triaged CVE alerts the moment they're published — before the PoC drops.
Start Supernova — $99/mo →