Detected by researchers at eEye Digital Security, the bug affects Publisher 2007, Microsoft’s document creation programme.
The file format vulnerability could allow a hacker to create a malicious publisher file, which could expose the system to a remote attack, according to an advisory on the eEye Digital Security website.
Security researchers rated the vulnerability as “highly critical” and first reported it to the software giant more than a week ago.
“Microsoft is investigating reports of a possible vulnerability in Publisher 2007. We will continue to work with eEye to further understand this problem,” a Microsoft spokesperson said in a statement.
“We are not aware of any attacks attempting to use the bug or of customer impact at this time.”
Code auditors tested the consumer version of Office 2007, which was launched a month ago, during its security development. As a result, Microsoft hailed the software as their most secure yet and said that the programme could block increasingly sophisticated attacks from malicious code writers.
Vulnerability discovered in Microsoft Office 2007
By Fiona Raisbeck on Feb 27, 2007 12:53AM
A vulnerability discovered in Microsoft's Office 2007 could be exploited by a malicious user to execute arbitrary code on a compromised computer, security experts warn.
Got a news tip for our journalists? Share it with us anonymously here.