Security firm warns of first Office 2007 vulnerability

Stephen Withers
Monday, 26 February 2007 09:06

Your IT - Home IT

The research wing of eEye Digital Security has warned of a vulnerability in Microsoft Publisher that allows the execution of arbitrary code. Furthermore, the flaw is remotely exploitable, the company says.

This issue is thought to be the first security flaw in Office 2007, and was reported to Microsoft the week before last.

In recent months the company has recently reported several other vulnerabilities to Microsoft which remain unpatched.

In January, it found a Vista flaw allowing local privilege escalation in Windows Vista.

December saw a local exploit for XP and earlier operating systems allowing "unprivileged code to subvert all operating system or third-party security measures" and gain privileges greater than SYSTEM.

A vulnerability in Internet Explorer 6 identified last October (and still not fixed four months later, according to eEye) "allows for remote execution of arbitrary code with minimal user interaction."