Your files were not security flaws
Last modified on Tuesday, 08 January 2008 16:20
Microsoft apologized to Corel for claiming that the CorelDraw format was insecure.
In a posting to his own blog, David LeBlanc, a Senior Software Development Engineer admitted that Microsoft stated that it was the file formats that were insecure, but this was incorrect.
He said that the file format is not insecure. Rather, it was the Office code that reads the format that is more or less secure. The parsers used for these older formats aren't as robust as the code they have written more recently, which is part of the decision to disable them by default.
Corel complained that Microsoft had blocked its .cdr file format in last September's Office 2003 Service Pack 3 update.