Flaws in the Microsoft Office software suite could be used by pranksters or cybercrooks through e-mail or rogue Web sites to retrieve, alter or erase data in computers used by millions of people.
Some newer computers made by Compaq Computer Corp. and Hewlett-Packard Co. that can be upgraded automatically over the Internet also contain flaws that could be similarly exploited, but only over the World Wide Web, security experts have found.
Attempts to take advantage of the vulnerabilities would not be detected or prevented by antivirus software, but there is no evidence that such mischief has occurred, said Russ Cooper, who runs the Windows NT security mailing list NTbugtraq.
Cooper said Saturday that Microsoft Corp. developers expect to have an Office fix ready as early as Tuesday. The flaws, which affect Word, Excel, Powerpoint and other Office program documents, were first reported Saturday in the New York Times. The documents may be used as Trojan Horses to implant malicious code into a computer that could change or destroy files or even an entire hard drive.
Office 2000 and some of the final versions of Office 97 are free from the flaw, but it is present in millions of installed versions of Office 97 and probably also in many older versions, possibly dating as far back as 1992.