FILE-OFFICE Microsoft Office RTF listoverride memory corruption attempt
This event is generated when an attacker attempts to exploit a memory corruption vulnerability in Microsoft Office
Attempted User Privilege Gain
Rule checks for an attempt to exploit a memory corruption vulnerability in Microsoft office versions prior to 2016 that is triggered with a maliciously-crafted RTF file.
Ease of attack
Implement patches for all affected products seen here: portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0922
- Cisco's Talos Intelligence Group