
Microsoft investigates Office 2007 flaws

Word 2007 vulnerability 'not yet exploited'

Security experts have discovered vulnerabilities in Microsoft Word 2007, and other software. Hackers have not yet exploited the Word 2007 flaws, however.

The flaws were reported just as Microsoft released its latest round of security patches. Three of the new-found vulnerabilities affect Word 2007, according to the Security Vulnerabilities website.

Details are scarce at the moment, but two of the Word 2007 flaws appear to allow an attack that can create conditions similar to those caused by a DoS (denial of service) attack, with CPU usage surging to 100 percent, the website says.

The third vulnerability could allow remote code execution, and the fourth, which concerns the ".hlp" extension for Windows Help files, could lead to a heap overflow condition, the posting said.

Three proof-of-concept Word documents plus a malicious ".hlp" file illustrating the vulnerabilities were available for download from at least one website on Wednesday.

Microsoft said this morning that it was investigating the reports but was not aware of any attacks.


The discovery of the vulnerabilities came as Microsoft issued seven fixes for critical flaws on Tuesday. Hackers have often timed the disclosure of vulnerabilities just after Microsoft's patch day, the second Tuesday of the month, to maximize their time to exploit computers, said Greg Day, a security analyst for McAfee.

"It's becoming a very common trend," he said.

Security researchers have said that as Microsoft fixes problems within its operating systems, hackers are actively hunting for flaws in its Office applications.

When they find one, hackers will send spam with, for example, a malicious Word document attached. Downloading and opening the file could allow a hacker to take control of the machine. Microsoft has warned that people shouldn't open files sent from unknown sources.

April is proving to be a rough month for Microsoft: It issued an emergency patch on 3 April for the animated cursor flaw, which could let a hacker control the machine after merely viewing a malicious website.

