Office 2007 springs its first leak

By Tom Sanders on Feb 28, 2007 3:20PM
Office 2007 springs its first leak
Security vendor eEye has uncovered the first security vulnerability in Microsoft's Office 2007 productivity suite. 

Microsoft launched Office 2007 on 30 January together with its Windows Vista operating system.  

The suite is the first Office version to go through Microsoft's Security Development Lifecycle program that checks and guards against coding errors, and is expected to dramatically reduce the number of security flaws.

The new vulnerability affects Publisher 2007, a desktop publishing tool that is considered a low-end alternative to Adobe InDesign and QuarkXPress.

EEye claims that the flaw could allow an attacker to execute arbitrary code on a system at the same privilege level as the logged-in user.

Effectively this would allow an attacker to take control of a system running Windows XP. But it causes less of a threat to Vista because most users will not be running in administrator mode.

A Microsoft spokesperson said that the company had been notified about a potential vulnerability and is investigating the reports. Microsoft stressed that it is not aware of any attacks exploiting the flaw.

"Microsoft will continue to work with eEye to further understand this report as part of our standard Microsoft Security Response Center investigation process and will provide additional guidance for customers as necessary," said the spokesperson.
Got a news tip for our journalists? Share it with us anonymously here.
Copyright ©v3.co.uk
Tags:
2007 first its leak office software springs

Partner Content

Guiding customers on the uneven path to AI adoption
Guiding customers on the uneven path to AI adoption
Empowering Sustainability: Schneider Electric's Dedication to Powering Customer Success
Empowering Sustainability: Schneider Electric's Dedication to Powering Customer Success
How mandatory climate reporting is raising the bar for corporate leadership
How mandatory climate reporting is raising the bar for corporate leadership
MSPs with a robust data protection strategy will achieve market success
MSPs with a robust data protection strategy will achieve market success
How Expert Support Can Help Partners and SMBs Realize the Full Value of AI
How Expert Support Can Help Partners and SMBs Realize the Full Value of AI

Sponsored Whitepapers

Cut through the SASE confusion
Cut through the SASE confusion
Stay protected as cyber threats evolve
Stay protected as cyber threats evolve
Defend Your Network from the Next Generation of AI Threats
Defend Your Network from the Next Generation of AI Threats
The race to AI advantage is on. Don’t let slow consulting projects hold you back.
The race to AI advantage is on. Don’t let slow consulting projects hold you back.
The changing face of Australian distribution
The changing face of Australian distribution

Most read articles

Save-the-dates for Pipeline 2026: We're levelling up to Hamilton Island in May!

Save-the-dates for Pipeline 2026: We're levelling up to Hamilton Island in May!
The State of Channel Security

The State of Channel Security
Channel faces AI-fuelled risk as partners lag on data resilience, Dicker Data summit told

Channel faces AI-fuelled risk as partners lag on data resilience, Dicker Data summit told
Fast50 rankings revealed at gala awards in Sydney

Fast50 rankings revealed at gala awards in Sydney

Log in

Email:
Password:
  |  Forgot your password?