A vulnerability discovered in Microsoft's Office 2007 could be exploited by a malicious user to execute arbitrary code on a compromised computer, security experts warn.Detected by researchers at eEye Digital Security, the bug affects Publisher 2007, Microsoft’s document creation programme.
The file format vulnerability could allow a hacker to create a malicious publisher file, which could expose the system to a remote attack, according to an advisory on the eEye Digital Security website.
Security researchers rated the vulnerability as “highly critical” and first reported it to the software giant more than a week ago.
“Microsoft is investigating reports of a possible vulnerability in Publisher 2007. We will continue to work with eEye to further understand this problem,” a Microsoft spokesperson said in a statement. “We are not aware of any attacks attempting to use the bug or of customer impact at this time.”
Code auditors tested the consumer version of Office 2007, which was launched a month ago, during its security development. As a result, Microsoft hailed the software as its most secure yet and said that the programme could block increasingly sophisticated attacks from malicious code writers.