A flaw in Microsoft Corp.'s newly released Office 2007 software whose risk-level is described as "high" could let an attacker hijack a targeted computer, a security company says.
Microsoft has been touting the improved security of its integrated suite of productivity tools launched on Jan. 30 along with the consumer and business retail versions of its new Windows Vista operating system.
But researchers at eEye Digital Security of Aliso Viejo, Calif., about 80 kilometres south of Los Angeles, say they have found a flaw in Microsoft Office Publisher 2007 that could let an attacker run software on a compromised system from a remote location.
The flaw, which requires a victim to open an infected file, was found Feb. 16 and reported to Microsoft, according to an advisory on eEye's website.
Disclosure of a vulnerability in Office 2007 found little more than two weeks after the software was released amid fanfare about its security could be seen as a black eye for the world's largest software maker.
But security experts generally regard newly released software such as Office 2007 as less likely targets for exploitation by criminals since they do not yield as many potential targets as older programs that have a much larger base of users.
