Inspection and Sanitization Guidance for Rich Text Format (RTF)

Abstract: The purpose of this document is to provide guidance for the development of a sanitization and analysis software tool for the Rich Text Format (RTF). It provides analysis of the various elements and objects that are contained within the RTF file structure and how they can be a cause of concern for data attack, data hiding, and data disclosure. This document provides recommendations to mitigate these risks. Although this report does not cover vulnerabilities related to a specific RTF capable software application, a number of them were used in the analysis of the standard.

Date Published:

Last Reviewed: 11 December 2017

Identifier: U/OO/234070-17

Dissemination Control: N/A

Length: 63 page(s)

Format: pdf

Type: Reference/Overview; Report

Tags: National Security Agency - NSA; Cyber; Guidance; Exploitation; Vulnerability; Data