Scarecrow Man Posted February 28, 2007

The consumer version of Office 2007, which launched only four weeks ago, is designed to withstand higher scrutiny by malicious code writers, as Microsoft subjected the software to code auditors as part of its security development lifecycle.

But researchers at eEye Digital Security found a file format vulnerability in Microsoft Office Publisher 2007, which could be exploited to let an outsider run code on a compromised PC.

"We were surprised we could find a flaw so quickly [after Office 2007 launched] and one that was part of their core products," said Ross Brown, eEye's chief executive.

As am I...

Full Story

eEye's Vulnerability Report

A remotely exploitable flaw exists within Publisher 2007 that allows arbitrary code to be executed in the context of the logged in user.

No patch has been released. -- 02/08/07

trackrat Posted February 28, 2007

I bet there will be more patches for Vista than Office 2007.

Scarecrow Man Posted February 28, 2007

Interesting read

Myth

Statistics 'prove' that Windows has fewer, less serious security issues than Linux, that Windows issues are always fixed, and that they are fixed faster.

Fact

Quite a broad collection of 'facts' exist in this category, but what they have in common is the (actual) fact that they are usually based on single metrics, on a single aspect of measuring security. Claims that all Windows flaws get fixed are baffling when we consider that there are Microsoft Security Bulletins saying some flaws will never be fixed, and the existence of these also makes it tricky to understand how the fix rate could ever get to be 100 per cent.....

If we reality-check these conclusions against another scale, we find that vulnerability metrics used by the US Computer Emergency Readiness Team (CERT) return 250 results for Microsoft, with 39 having a severity rating of 40 or greater, and 46 for Red Hat, with only three scoring over 40. So simply making claims based on that one metric (as Steve Ballmer did, again, earlier this week) is like judging a hospital's effectiveness in dealing with emergency cardiac care from its average speed in dealing with all patients.

http://www.theregister.co.uk/2004/10/22/li...ndows_security/ - HTML
http://www.theregister.co.uk/2004/10/22/se...ws_vs_linux.pdf - PDF

andsome Posted March 1, 2007

The consumer version of Office 2007, which launched only four weeks ago, is designed to withstand higher scrutiny by malicious code writers, as Microsoft subjected the software to code auditors as part of its security development lifecycle.

But researchers at eEye Digital Security found a file format vulnerability in Microsoft Office Publisher 2007, which could be exploited to let an outsider run code on a compromised PC.

"We were surprised we could find a flaw so quickly [after Office 2007 launched] and one that was part of their core products," said Ross Brown, eEye's chief executive.

As am I...

Full Story

eEye's Vulnerability Report

A remotely exploitable flaw exists within Publisher 2007 that allows arbitrary code to be executed in the context of the logged in user.

No patch has been released. -- 02/08/07

I thought that this was the point of months on end of Beta testing. :lol:

Scarecrow Man Posted March 6, 2007

Still no report on a patch as of March 6th, 2007. Talk about leaving your customers out to dry.