A weakness in how Office applications handle Macromedia Flash files
exposes Microsoft customers to cyberattacks, experts have warned.
Flash files embedded in Office documents could run and execute code
without any warning, Symantec said in an alert sent to customers on
Thursday. The security issue is the third problem reported within a
week that affects Microsoft Office users.
The issue relates to the ability to load ActiveX controls in an Office
document and is not a vulnerability but an Office feature, a Microsoft
representative said. "This behavior is by design and by itself does not
represent a security risk to customers," he said.
The ActiveX issue is the third security problem related to Office to
surface within in a week. On Tuesday, Microsoft confirmed that a flaw related to a Windows component called "hlink.dll" could be exploited by crafting a malicious Excel file. Late last week, Microsoft said a flaw in Excel was being exploited in at least one targeted cyberattack. The company has said it is working on a patch for the first new Excel flaw.
News source: CNET News.com