Menu
First remote code Office 2007 bug found

First remote code Office 2007 bug found

EEye Digital Security has found the first Office 2007 remote code vulnerability and has alerted Microsoft's bug team.

The terse warning posted to eEye's Upcoming Advisories site tags Publisher 2007, the desktop and Web publishing program included with some editions of Office, as the flawed application. "A remotely exploitable flaw exists within Publisher 2007 that allows arbitrary code to be executed in the context of the logged in user," the alert read. eEye rated the vulnerability as "high," and reported it to Microsoft a week ago.

"We're still in the back-and-forth with Microsoft [Security Response Center]," said Marc Maiffret, eEye's chief technology officer.

Microsoft confirmed it is working with eEye. "Microsoft is investigating new reports of a possible vulnerability in Publisher 2007, which has been responsibly disclosed to Microsoft [and] will continue to work with eEye to further understand this report," said a Microsoft spokesperson. "[We are] not aware of any attacks attempting to use the reported vulnerability or of customer impact at this time."

Although Maiffret declined to provide details of the vulnerability, he tacitly acknowledged that it was a bug in the Publisher 2007 file format. "Ninety percent of the time, [Office] bugs are in file formats. This is basically the same."

Users of Microsoft's Office productivity suites -- going as far back as Office 2000 and including the more recent Office 2003 -- have confronted a flood of flaws in the last 14 months. During 2006, Microsoft unveiled 13 security updates for Office 2000 and 11 for Office 2003; in the first two months of 2007, it's rolled out four bulletins for Office 2000 and six for Office 2003.

"Microsoft's been talking up Office 2007 as one of the first products that went through the Security Development Lifecycle, and telling everyone how great it would be," said Maiffret. "That's interesting, but this [vulnerability] shows that there still are going to be problems.

"With both Vista and Office 2007, it doesn't seem like Microsoft is really talking about compelling functionality. Instead, they're talking about security," Maiffret said. "That's crazy. The software should already have been secure."


Follow Us

Join the newsletter!

Or

Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

Tags MicrosoftOffice 2007Publisher 2007

Featured

Slideshows

Meet the leading female front runners of the Kiwi channel

Meet the leading female front runners of the Kiwi channel

Reseller News honoured the leading female front runners of the New Zealand channel at the 2018 Women in ICT Awards (WIICTA) in Auckland. The awards honoured standout individuals across seven categories, spanning Entrepreneur; Innovation; Rising Star; Shining Star; Community; Technical and Achievement.

Meet the leading female front runners of the Kiwi channel
Meet the top performing customer-centric Microsoft channel partners

Meet the top performing customer-centric Microsoft channel partners

Microsoft honoured leading partners across the channel following a year of customer innovation and market growth in New Zealand. The 2018 Microsoft Partner Awards recognised excellence within the context of the end-user, spanning a host of emerging and established providers.

Meet the top performing customer-centric Microsoft channel partners
Reseller News launches new-look Awards at 2018 Judges’ Lunch

Reseller News launches new-look Awards at 2018 Judges’ Lunch

Introducing the Reseller News Innovation Awards, launched to the channel at the 2018 Judges’ Lunch in Auckland. With more than 70 judges now part of the voting panel, the new-look awards will reflect the changing dynamics of the channel, recognising excellence across customer value and innovation - spanning start-ups, partners, distributors and vendors.

Reseller News launches new-look Awards at 2018 Judges’ Lunch
Show Comments