Publisher 2007 flaw could allow attacker to take control of a system. EEye claims that the flaw could allow an attacker to execute arbitrary code on a system at the same privilege level as the logged-in user.
Effectively this would allow an attacker to take control of a system running Windows XP. But it causes less of a threat to Vista because most users will not be running in administrator mode.
A Microsoft spokesperson said that the company had been notified about a potential vulnerability and is investigating the reports. Microsoft stressed that it is not aware of any attacks exploiting the flaw.
“Microsoft will continue to work with eEye to further understand this report as part of our standard Microsoft Security Response Center investigation process and will provide additional guidance for customers as necessary,” said the spokesperson.