Windows Defender - Alert Exploit:O97M/CVE with SpineTrial\licence.rtf

Dani

Hello there!

I was trying the free version of Spine 2D. After a few days, I decided to
do a routine Windows Denfender check and it warned me of an exploit regarding the file "Spine Trial\license.rtf".

Obviously I'm worried and I would like to know what's happening. My intention was to purchase the PRO version in the future, but this was strange. Thank you very much for your attention.

All the best.

P.D: Translate Details: This program is dangerous and takes advantage of a security vulnerability on the computer on which it runs.

Mario

Windows Defender is and idiot, sorry to say. License.rtf is a rich text file containing our license text. It is not executable. The only way this could harm your computer would be if the rich text viewer you are using to display the file has a bug.

Programs like Windows Defender work based on something called "heuristics" (among other things). That is, they know a few byte patterns they look for, irrespective of where they find them in the files of a program. What you see here is called a "false positive", meaning, it detects something as dangerous, while it is not.

Spine does not do anything malicious, despite what Windows Defender's heuristics tell you. We guarantee that in our license agreement, so if we actually did, you could sue us into the ground.

TL;DR: don't trust spurious outputs from your "anti-virus" software.

Dani

Oh I understood! I appreciate your answer, thank you very much!

SilverStraw

Seems to apply to all rich text format.
https://www.opswat.com/blog/malicious-rtf-file
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21716

Nate

That's pretty silly, but I guess there are too many RTF editors/viewers with bugs. We'll switch to PDF. Those don't have any bugs, right? 😆