eEye: Microsoft Office 2007 flaw found in Publisher


A vulnerability discovered in Microsoft Office 2007 could be exploited by a malicious user to execute arbitrary code on a compromised PC, security experts have warned.

Detected by researchers at eEye Digital Security, the bug affects Publisher 2007, Microsoft’s document creation program.

The file format vulnerability could allow a hacker to create a malicious publisher file that could expose a system to remote attack, according to an advisory on the eEye website.

eEye researchers rated the vulnerability "highly critical" and first reported it to the software giant more than a week ago.

"Microsoft is investigating reports of a possible vulnerability in Publisher 2007. We will continue to work with eEye to further understand this problem," a Microsoft spokesperson said in a statement. "We are not aware of any attacks attempting to use the bug or of customer impact at this time."

Code auditors tested the consumer version of Office 2007, launched a month ago, during its security development. As a result, Microsoft hailed the software as its most secure yet and said the program could block increasingly sophisticated attacks from malicious code-writers.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.