Corel wonders why Microsoft Office '03 blocks its files

Microsoft says concerns over Office 2003 SP3 security move are exaggerated

Those who are criticizing Microsoft's decision to block older file formats in Office 2003 Service Pack 3 (SP3) are "exaggerating," according to a Microsoft. product manager. Still, Corel, whose files were among those barred from opening, wonder what its rival was thinking.

Office 2003 SP3, released in mid-September, prevents users from opening scores of aged file formats, including those from early editions of Microsoft Word, Excel and PowerPoint, as well as older formats used by the obsolete Lotus 1-2-3 spreadsheet and Corel's still-current graphics software, CorelDraw. Microsoft's rationale: the file formats present a security risk.

Barring access to CorelDraw's files mystified Gerard Metrallier, Corel's director of product management, graphics. "Corel has unsuccessfully tried to figure out the basis for categorizing .cdr [CorelDraw] files as 'less secure' [and] we are currently working with Microsoft to get more details about this issue," said Metrallier. "If there is a known problem that had security implications, we will get this resolved as quickly as possible."

Checks by Corel with vulnerability databases compiled by the likes of US-CERT found no listings for CorelDraw, he added. Other databases, including the one kept by Danish vulnerability tracker Secunia ASP, do not list any CorelDraw bugs, patched or otherwise, either, according to research by Computerworld.

Today, Metrallier confirmed that the two companies have been talking about the blocking of .cdr files, but declined to answer questions about possible solutions, including a roll-back of the .cdr blocking. "They're working from their side," said Metrallier, "to clarify and correct the Knowledge Base [support] document."

Metrallier had no idea why Microsoft had added the .cdr format to the list of blocked files. "We didn't know where the issue was coming from."

Microsoft is looking into alternatives to the manual Windows registry hack that it's offered non-corporate users as the way to restore access to the now-blocked formats, according to Reed Shaffner, Office product manager, although he wouldn't go into details. "We're already [working on] an update to the KB [Knowledge Base article], and we're looking at ways to automate the [unblocking] process."

Shaffner also reiterated earlier Microsoft reasons for the changes. "We wanted to reduce the surface area of future attacks," said Shaffner, who also confirmed that the file formats themselves are not potentially risky, but the code within Office's applications that parses those file formats. "The code for doing that had certain security vulnerabilities," he acknowledged.

Microsoft Office -- the 2003 version in particular -- has been hard hit during the last two years by hackers who have used "fuzzing" tools to sniff out flaws in the app's parsing of files when opening them. Word, Excel and PowerPoint file formats have been used at various times by attackers to target high-value malware or identity theft victims in corporations.

Shaffner admitted that the Office team could have done a better job at getting out the word about the file format changes in Office 2003 SP3 -- "We did do a poor job," he said -- but also defended the decision by citing Office 2007. "This is something that Office 2007 has done by default since the day it shipped, and it hasn't impacted users there."

In fact, said Shaffner, the rhubarb over the changes has been overblown. "It's never a molehill if it affects just one user," he said, "but I would say that from what we've seen, the user impact has not been as much as the articles [in the news] indicate. I think people are exaggerating the impact a little bit."

Ironically, Corel's Metrallier agreed. "This isn't a major problem," he said today. "It's not impacting the users. But anything that is security-related is the highest-possible critical thing."

Join the PC World newsletter!

Error: Please check your email address.

Our Back to Business guide highlights the best products for you to boost your productivity at home, on the road, at the office, or in the classroom.

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Gregg Keizer

Computerworld
Show Comments

Essentials

Lexar® JumpDrive® S57 USB 3.0 flash drive

Learn more >

Microsoft L5V-00027 Sculpt Ergonomic Keyboard Desktop

Learn more >

Mobile

Lexar® JumpDrive® S45 USB 3.0 flash drive 

Learn more >

Exec

Lexar® JumpDrive® C20c USB Type-C flash drive 

Learn more >

Lexar® Professional 1800x microSDHC™/microSDXC™ UHS-II cards 

Learn more >

Audio-Technica ATH-ANC70 Noise Cancelling Headphones

Learn more >

HD Pan/Tilt Wi-Fi Camera with Night Vision NC450

Learn more >

Budget

Back To Business Guide

Click for more ›

Most Popular Reviews

Latest News Articles

Resources

PCW Evaluation Team

Michael Hargreaves

Windows 10 for Business / Dell XPS 13

I’d happily recommend this touchscreen laptop and Windows 10 as a great way to get serious work done at a desk or on the road.

Aysha Strobbe

Windows 10 / HP Spectre x360

Ultimately, I think the Windows 10 environment is excellent for me as it caters for so many different uses. The inclusion of the Xbox app is also great for when you need some downtime too!

Mark Escubio

Windows 10 / Lenovo Yoga 910

For me, the Xbox Play Anywhere is a great new feature as it allows you to play your current Xbox games with higher resolutions and better graphics without forking out extra cash for another copy. Although available titles are still scarce, but I’m sure it will grow in time.

Kathy Cassidy

STYLISTIC Q702

First impression on unpacking the Q702 test unit was the solid feel and clean, minimalist styling.

Anthony Grifoni

STYLISTIC Q572

For work use, Microsoft Word and Excel programs pre-installed on the device are adequate for preparing short documents.

Featured Content

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?