Microsoft Corp. apologized to a software rival yesterday for saying its file format[1 ,2] posed a security risk and issued new tools to let users of Office 2003 SP3 unblock a host of barred file types.
In a posting to his own blog, David LeBlanc, a senior software development engineer with the Microsoft Office team, admitted the company’s mistake in blaming insecure file formats, including the one used by CorelDraw.
“We stated that it was the file formats that were insecure, but this is actually not correct,” LeBlanc said, referring to a description in a now-changed support document. “A file format isn’t insecure — it’s the code that reads the format that’s more or less secure. The parsers we use for these older formats aren’t as robust as the code we’ve written more recently, which is part of our decision to disable them by default.