Researchers at eEye Digital Security of Aliso Viejo, California, say they have found a flaw in Microsoft’s newly released Office 2007 software whose risk-level is described as “high” since it could let an attacker run software on a compromised system from a remote location. The flaw is specific to Microsoft Office Publisher 2007 and requires a victim to open an infected file. According to an advisory on eEye’s website, the vulnerability was found and reported to Microsoft on February 16, a little more than two weeks after the software was released. In general, security experts regard newly released software such as Office 2007 as less likely targets for exploitation by criminals since they do not yet have a large user base.
Microsoft, Office 2007, Security, Vulnerability, CBC, News