Microsoft launched Office 2007 on 30 January together with its Windows Vista operating system.
The suite is the first Office version to go through Microsoft's Security Development Lifecycle programme that checks and guards against coding errors, and is expected to dramatically reduce the number of security flaws.
EEye claims that the flaw could allow an attacker to execute arbitrary code on a system at the same privilege level as the logged-in user.
Effectively this would allow an attacker to take control of a system running Windows XP. But it causes less of a threat to Vista because most users will not be running in administrator mode.
A Microsoft spokesperson said that the company had been notified about a potential vulnerability and is investigating the reports. Microsoft stressed that it is not aware of any attacks exploiting the flaw.
"Microsoft will continue to work with eEye to further understand this report as part of our standard Microsoft Security Response Center investigation process and will provide additional guidance for customers as necessary," said the spokesperson.
Cotton seedling freezes to death as Chang'e-4 shuts down for the Moon's 14-day lunar night
Fortnite easily out-earns PUBG, Assassin's Creed Odyssey and Red Dead Redemption 2 in 2018
Meteor showers as a service will be visible for about 100 kilometres in all directions
Saturn's rings only formed in the past 100 million years, suggests analysis of Cassini space probe data
New findings contradict conventional belief that Saturn's rings were formed along with the planet about 4.5 billion years ago