February 23, 2007 1:17 PM PST

Flaw found in Office 2007

Researchers have discovered a "highly critical" security flaw in the newly released Office 2007, despite Microsoft's efforts to deliver its most secure version yet of the productivity software.

The consumer version of Office 2007, which launched only four weeks ago, is designed to withstand higher scrutiny by malicious code writers, as Microsoft subjected the software to code auditors as part of its security development lifecycle.

But researchers at eEye Digital Security found a file format vulnerability in Microsoft Office Publisher 2007, which could be exploited to let an outsider run code on a compromised PC.

"We were surprised we could find a flaw so quickly (after Office 2007 launched) and one that was part of their core products," said Ross Brown, eEye's chief executive.

An attacker could create a malicious Publisher file, he said. Once the recipient opens the file, he or she could find the system infected and susceptible to a remote attack.

Researchers at eEye used a standard process of code auditing in discovering the vulnerabilities, Brown added. He noted that Microsoft either did not do a "good job" with its code auditing, or it may not have had enough people working on such a task.

Microsoft, meanwhile, said it is investigating eEye's report of a possible vulnerability in Publisher 2007 and will provide users with additional guidance if necessary.

Executives at the software giant have recently said they expect security challenges to keep emerging, as an increasing number of devices connect to the Internet.

No public exploits have been reported in circulation for Publisher 2007 and, given Office 2007's recent release, the flaw may hold little attraction for attackers who may wish to concentrate on software that is in greater distribution, eEye said.

wait for it...
wait for it...
Posted by bob blob (118 comments )
The whole system is a flaw! Why do I need a gig of memory to just run the friken OS + Office! Is 2 gigs just to have a stable system to let me do what I want!! GHAWD!
Posted by bradyme (43 comments )
You need the memory (I don't believe 2 gigs) because it is the whole package and ease of use. If you want to conserve on memory then go get a *nix system. It will do everything and anything that you want it to do. However, you will have to get used to command line interfacing. It is a challenge but can be overcome. If you wish for ease of use, a Mac should fit your needs. Sadly though, you will lose a little functionality despite what some Mac users will tell you. For the whole package, OS, office tools, programming, and database management, gaming, etc.... no one does it better than MS. Vista with Office 2007 combined with the other tools that MS offers... well, as far as I'm concerned, they have raised the bar quite a bit higher.
P.S. For those who may say I haven't experienced the other OS's/companies. I run a Unix server and manage two applications running Oracle database. I did my first programming on an Apple II. I'm here to tell you no one does it better than MS.
Posted by suyts (824 comments )
2 gigs???
I'm running with one gig, using tons of apps and have almost zero page faults. Taskman shows 830MB of RAM in use (including file cache) and my machine has been on for over a week.
And yes, it needs one gig because you simply can do more things and do them better with more memory, and since RAM is cheap it would be foolish to restrict the capabilities to suit some users that want to run it on 64KB. Move on.
Posted by herby67 (144 comments )
Why do people love Micro$oft????????????????????????????????????????
Posted by paulsecic (298 comments )
Office Flaw
I see your readers are still searching for that perfect bundle of software; you know the one. That perfect piece of software that all you do is turn on your PC and your job ends. The computer then reads your mind, and selects every different scenario that you might want, and proceeds to do it well.
You do have choices. You might write your own software, then you could blame yourself for the holes you say are in MS Office 2007.
Posted by jevenew (13 comments )
Keep it in perspective...
There are thousands, if not hundreds of thousands, of flaws in Microsoft Office products. There is one (1) known macro virus in all other non-Microsoft Office products combined the world over.

The flaw here is Microsoft's monopoly on Office products has been allowed to continue, costing society at large severe harm.
Posted by Microsoft_Facts (109 comments )
Your perspective is wrong
You've been called on this before but that tiny thing you call your brain seems unable to register the truth.

There have been *MANY* macro flaws in non-MS products complete with "proof-of-concept" code.

If you want a better perspective I suggest you pull your head out of that warm but smelly receptacle you placed it in because it's obviously given you "tunnel" vision.
Posted by HandGlad2 (91 comments )
You said it.
It's really incredible that Microsoft hasn't been held accountable for all the harm they've done to their customers through all of their security flaws and other glaring bugs.
Posted by fcekuahd (244 comments )
Publisher 2007
I have been using Pub 2007 quite a lot for the past three days. Yesterday I started having a lot of problems i.e. monitor settings, iTunes, and others. Could this be related to the Pub 2007 problem?
Posted by zaxt (1 comment )