Corel wonders why Microsoft Office '03 blocks its files

Microsoft says concerns over Office 2003 SP3 security move are exaggerated

Those who are criticizing Microsoft's decision to block older file formats in Office 2003 Service Pack 3 (SP3) are "exaggerating," according to a Microsoft product manager. Still, Corel, whose files were among those barred from opening, wonders what its rival was thinking.

Office 2003 SP3, released in mid-September, prevents users from opening scores of aged file formats, including those from early editions of Microsoft Word, Excel and PowerPoint, as well as older formats used by the obsolete Lotus 1-2-3 spreadsheet and Corel's still-current graphics software, CorelDraw. Microsoft's rationale: the file formats present a security risk.

Barring access to CorelDraw's files mystified Gerard Metrallier, Corel's director of product management, graphics. "Corel has unsuccessfully tried to figure out the basis for categorizing .cdr [CorelDraw] files as 'less secure' [and] we are currently working with Microsoft to get more details about this issue," said Metrallier. "If there is a known problem that had security implications, we will get this resolved as quickly as possible."

Checks by Corel with vulnerability databases compiled by the likes of US-CERT found no listings for CorelDraw, he added. Other databases, including the one kept by Danish vulnerability tracker Secunia ASP, do not list any CorelDraw bugs, patched or otherwise, either, according to research by Computerworld.

Today, Metrallier confirmed that the two companies have been talking about the blocking of .cdr files, but declined to answer questions about possible solutions, including a roll-back of the .cdr blocking. "They're working from their side," said Metrallier, "to clarify and correct the Knowledge Base [support] document."

Metrallier had no idea why Microsoft had added the .cdr format to the list of blocked files. "We didn't know where the issue was coming from."

Microsoft is looking into alternatives to the manual Windows registry hack that it's offered non-corporate users as the way to restore access to the now-blocked formats, according to Reed Shaffner, Office product manager, although he wouldn't go into details. "We're already [working on] an update to the KB [Knowledge Base article], and we're looking at ways to automate the [unblocking] process."

Shaffner also reiterated earlier Microsoft reasons for the changes. "We wanted to reduce the surface area of future attacks," said Shaffner, who also confirmed that it is not the file formats themselves that are potentially risky, but the code within Office's applications that parses those file formats. "The code for doing that had certain security vulnerabilities," he acknowledged.

Microsoft Office -- the 2003 version in particular -- has been hard hit during the last two years by hackers who have used "fuzzing" tools to sniff out flaws in the app's parsing of files when opening them. Word, Excel and PowerPoint file formats have been used at various times by attackers to target high-value malware or identity theft victims in corporations.

Shaffner admitted that the Office team could have done a better job at getting out the word about the file format changes in Office 2003 SP3 -- "We did do a poor job," he said -- but also defended the decision by citing Office 2007. "This is something that Office 2007 has done by default since the day it shipped, and it hasn't impacted users there."

In fact, said Shaffner, the rhubarb over the changes has been overblown. "It's never a molehill if it affects just one user," he said, "but I would say that from what we've seen, the user impact has not been as much as the articles [in the news] indicate. I think people are exaggerating the impact a little bit."

Ironically, Corel's Metrallier agreed. "This isn't a major problem," he said today. "It's not impacting the users. But anything that is security-related is the highest-possible critical thing."


Gregg Keizer

Computerworld
