First MS Office 2007 flaw discovered

First MS Office 2007 flaw discovered

Microsoft released the latest version of their Office Suite last month. And researchers have already found a remote code vulnerability in the application suite.

eEye Digital Security said that they have alerted the developers of this bug discovered in the MS Office 2007 package.

The company said that this bug affects the Publisher 2007 application. A company note said: “A remotely exploitable flaw exists within Publisher 2007 that allows arbitrary code to be executed in the context of the logged in user.” Marc Maiffret, eEye’s chief technology officer added: “We’re still in the back-and-forth with Microsoft [Security Response Center].”

Microsoft responded in a statement: “Microsoft is investigating new reports of a possible vulnerability in Publisher 2007, which has been responsibly disclosed to Microsoft [and] will continue to work with eEye to further understand this report. [We are] not aware of any attacks attempting to use the reported vulnerability or of customer impact at this time.”

Maiffret added: “Microsoft’s been talking up Office 2007 as one of the first products that went through the Security Development Lifecycle, and telling everyone how great it would be. That’s interesting, but this [vulnerability] shows that there still are going to be problems. With both Vista and Office 2007, it doesn’t seem like Microsoft is really talking about compelling functionality. Instead, they’re talking about security. That’s crazy. The software should already have been secure.”