
The file format vulnerability could allow a hacker to create a malicious publisher file, which could expose the system to a remote attack, according to an advisory on the eEye Digital Security website.
Security researchers rated the vulnerability as “highly critical” and first reported it to the software giant more than a week ago.
“Microsoft is investigating reports of a possible vulnerability in Publisher 2007. We will continue to work with eEye to further understand this problem,” a Microsoft spokesperson said in a statement.
“We are not aware of any attacks attempting to use the bug or of customer impact at this time.”
Code auditors tested the consumer version of Office 2007, which was launched a month ago, during its security development. As a result, Microsoft hailed the software as their most secure yet and said that the programme could block increasingly sophisticated attacks from malicious code writers.