
Attachment: CVE-2023-21716 - Microsoft Office Remote Code Execution Vulnerability
Sublime Rules
Summary
This detection rule targets CVE-2023-21716, a remote code execution vulnerability in Microsoft Office that is triggered when it processes Rich Text Format (RTF) files whose font table defines an excessive number of fonts. The rule fires when an inbound attachment is analyzed and meets criteria focused on file types associated with Microsoft Office documents, including RTF, DOC, and DOCX. It also covers attachments that have no recognized file extension yet are identified as compressed archives or are found to contain macros, which it infers from file size and a content type of application/octet-stream. The rule then checks for the presence of a font table in the file's content and, using string matching, looks for more than 10,000 font definitions in that table. It is intended to identify attachments that attempt to exploit this vulnerability, so that malware or ransomware deployments can be stopped before they run.
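The check the summary describes, as an added illustration that is not Sublime's rule or its query language: sniff the attachment for an RTF header regardless of its extension, locate the `\fonttbl` group by walking balanced braces, count the `\fN` font definitions inside it, and flag the file when the count exceeds the 10,000 threshold named above. The sample RTF documents and the `make_many_fonts_rtf` generator are constructed here for the demonstration.

```python
import re
from typing import Optional

# A font definition inside the font table looks like {\f0\froman\fcharset0 Times New Roman;}.
# Only "\f" followed directly by digits is a font number; \fnil, \fcharset0, \fprq2 do not match.
FONT_DEF_RE = re.compile(rb"\\f(\d+)")

# Threshold taken from the rule summary: more than 10,000 font definitions is suspicious.
FONT_COUNT_THRESHOLD = 10000


def looks_like_rtf(data: bytes) -> bool:
    """Content-based check: an RTF file begins with the {\\rtf group, whatever its extension says."""
    return data.lstrip().startswith(b"{\\rtf")


def extract_font_table(rtf: bytes) -> Optional[bytes]:
    """Return the complete {\\fonttbl ...} group, or None if absent or unbalanced."""
    start = rtf.find(rb"{\fonttbl")
    if start == -1:
        return None
    depth = 0
    i = start
    while i < len(rtf):
        c = rtf[i:i + 1]
        if c == b"\\":
            i += 2  # skip escaped characters such as \{ and \} (and control-word starts)
            continue
        if c == b"{":
            depth += 1
        elif c == b"}":
            depth -= 1
            if depth == 0:
                return rtf[start:i + 1]
        i += 1
    return None  # unbalanced braces: the table never closes


def count_font_definitions(rtf: bytes) -> int:
    """Count \\fN entries inside the font table only; \\fN uses in the document body are ignored."""
    table = extract_font_table(rtf)
    if table is None:
        return 0
    return len(FONT_DEF_RE.findall(table))


def is_cve_2023_21716_candidate(data: bytes, threshold: int = FONT_COUNT_THRESHOLD) -> dict:
    """Detection verdict for one attachment body: RTF with an oversized font table."""
    rtf = looks_like_rtf(data)
    count = count_font_definitions(data) if rtf else 0
    return {"looks_like_rtf": rtf, "font_count": count, "suspicious": rtf and count > threshold}


# Constructed benign sample: three fonts in the table, plus a \f0 reference in the body.
BENIGN_RTF = (
    b"{\\rtf1\\ansi\\deff0"
    b"{\\fonttbl{\\f0\\froman\\fcharset0 Times New Roman;}"
    b"{\\f1\\fswiss\\fcharset0 Arial;}{\\f2\\fmodern Courier New;}}"
    b"\\pard\\f0\\fs24 Hello\\par}"
)


def make_many_fonts_rtf(n: int) -> bytes:
    """Constructed sample with n font definitions, used to exercise the threshold."""
    entries = b"".join(b"{\\f%d\\fnil Font%d;}" % (i, i) for i in range(n))
    return b"{\\rtf1\\ansi\\deff0{\\fonttbl" + entries + b"}\\pard\\f0 x\\par}"


if __name__ == "__main__":
    print("benign:", is_cve_2023_21716_candidate(BENIGN_RTF))
    print("oversized:", is_cve_2023_21716_candidate(make_many_fonts_rtf(10001)))
    print("not rtf:", is_cve_2023_21716_candidate(b"PK\x03\x04not an rtf file"))
```

The brace walker matters more than the regex: counting `\fN` across the whole document would also pick up font switches in the body text, while a table-scoped count reflects exactly what the vulnerable font-table parser sees. Because the check is content-based, an RTF renamed to `.doc` or delivered with no extension and an `application/octet-stream` content type is evaluated the same way.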
Categories
- Endpoint
- Windows
- macOS
Data Sources
- File
- Application Log
Created: 2023-03-15