Researchers spot first remote code Office 2007 bug

First Office 2007 remote code vulnerability reported

EEye Digital Security said it's found the first Office 2007 remote code vulnerability and has alerted Microsoft's bug team.

The terse warning posted to eEye's Upcoming Advisories site tags Publisher 2007, the desktop and Web publishing program included with some editions of Office, as the flawed application. "A remotely exploitable flaw exists within Publisher 2007 that allows arbitrary code to be executed in the context of the logged in user," the alert read. eEye rated the vulnerability as "high," and reported it to Microsoft a week ago.

"We're still in the back-and-forth with Microsoft [Security Response Center]," said Marc Maiffret, eEye's chief technology officer.

Microsoft confirmed it is working with eEye. "Microsoft is investigating new reports of a possible vulnerability in Publisher 2007, which has been responsibly disclosed to Microsoft [and] will continue to work with eEye to further understand this report," said a Microsoft spokesperson. "[We are] not aware of any attacks attempting to use the reported vulnerability or of customer impact at this time."

Although Maiffret declined to provide details of the vulnerability, he tacitly acknowledged that it was a bug in the Publisher 2007 file format. "Ninety percent of the time, [Office] bugs are in file formats. This is basically the same."

Users of Microsoft's Office productivity suites -- going as far back as Office 2000 and including the more recent Office 2003 -- have confronted a flood of flaws in the last 14 months. During 2006, Microsoft unveiled 13 security updates for Office 2000 and 11 for Office 2003; in the first two months of 2007, it's rolled out four bulletins for Office 2000 and six for Office 2003.

"Microsoft's been talking up Office 2007 as one of the first products that went through the Security Development Lifecycle, and telling everyone how great it would be," said Maiffret. "That's interesting, but this [vulnerability] shows that there still are going to be problems.

"With both Vista and Office 2007, it doesn't seem like Microsoft is really talking about compelling functionality. Instead, they're talking about security," Maiffret said. "That's crazy. The software should already have been secure."

Among the other outstanding alerts listed by eEye is one that affects Windows Vista -- and no other Microsoft operating system -- which was reported to the developer Jan. 19.

Gregg Keizer

Computerworld