All Content
Researchers at Vupen Security say they have uncovered a security vulnerability in Microsoft Office 2010. However, their discovery has been met with criticism from Microsoft, which complains that it has not received technical details of the bug.
A report of a security flaw in Microsoft Office 2010 has been greeted with criticism by Microsoft because researchers chose not to notify the company of their findings.
Researchers at Vupen Security said they discovered a memory corruption flaw that could be used by an attacker to execute code. The company June 22 said it "created a code execution exploit which works with Office 2010 and bypasses DEP (Data Execution Prevention) and Office File Validation features."
The bug, Vupen CEO Chaouki Bekrar told eWEEK, is caused by a heap corruption error when processing malformed data within an Excel document.
"Exploiting this vulnerability is not trivial since many security features are enabled by default in Office 2010 including DEP ... Office File Validation and Protected View," Bekrar explained in an e-mail. "However, we have been able to reliably achieve code execution via a specially crafted Excel document."
Read the entire eWEEK article here.
Be the FIRST to comment on this article!