"Microsoft's been talking up Office 2007 as one of the first products that went through the Security Development Lifecycle, and telling everyone how great it would be," said Maiffret. "That's interesting, but this [vulnerability] shows that there still are going to be problems.

"With both Vista and Office 2007, it doesn't seem like Microsoft is really talking about compelling functionality. Instead, they're talking about security," Maiffret said. "That's crazy. The software should already have been secure."

Among the other outstanding alerts listed by eEye is one that affects Windows Vista -- and no other Microsoft operating system -- which was reported to the developer Jan. 19.