World leading software company, Microsoft is disputing reports of three new flaws in its Office software while also taking issue with how the alleged flaws were disclosed, the company said Wednesday. The company also said it was not notified of the alleged problems before they were publicly disclosed, a practice generally frowned upon in the security industry.

Several security websites reported four new vulnerabilities, three affecting Microsoft’s Word 2007, just as Microsoft released its latest round of security patches. But Microsoft said in a statement that none of the three alleged to affect Word 2007

“demonstrate any vulnerability in Word 2007 or any Office 2007 products.”

Two of alleged Word 2007 problems are said to cause CPU usage to 100 percent, creating a denial-of-service condition for other running programs. According to a posting on the Security Vulnerabilities website. Microsoft’s Word 2007 third vulnerability could even allow remote code execution and PC could become vulnerable of hacking.

The posting further reported the about fourth vulnerability, which is effecting Windows help files with “.hlp” file extension and could lead to a heap overflow condition. Microsoft did not have further information on whether it considers it a vulnerability .
The world’s biggest software company, shipped 11 security patches in total, including a cumulative Internet Explorer bulletin and an update meant to fix a flaw in the Windows Media file format.

Microsoft said the these critical flaw could be exploited using a specially-created Web page designed to attack the issue, which is present in Microsoft’s Internet Explorer (IE 5 & 6), Windows 2000, Windows XP and Windows Server 2003 systems.

Via: www2.csoonline.com