Vulnerability uncovered in Microsoft Publisher 2007

A vulnerability discovered in Microsoft's Office 2007 could be exploited by a malicious user to execute arbitrary code on a compromised computer, security experts warn.

Detected by researchers at eEye Digital Security, the bug affects Publisher 2007, Microsoft’s document creation programme.

The file format vulnerability could allow a hacker to create a malicious publisher file, which could expose the system to a remote attack, according to an advisory on the eEye Digital Security website.

Security researchers rated the vulnerability as “highly critical” and first reported it to the software giant more than a week ago.

“Microsoft is investigating reports of a possible vulnerability in Publisher 2007. We will continue to work with eEye to further understand this problem,” a Microsoft spokesperson said in a statement. “We are not aware of any attacks attempting to use the bug or of customer impact at this time.”

Code auditors tested the consumer version of Office 2007, which was launched a month ago, during its security development. As a result, Microsoft hailed the software as its most secure yet and said that the programme could block increasingly sophisticated attacks from malicious code writers.

Sign up to our newsletters