Threat Center Security News Microsoft Word Vulnerability
Microsoft Word Vulnerability Print E-mail
Written by Rebecca Mints   
Monday, 24 March 2008 11:11
Last Friday Microsoft issued a security advisory that suggests there is a vulnerability in their Word product. Microsoft said they are conducting an investigation of some "very limited, targeted attacks using a vulnerability in the Microsoft Jet Database Engine that can be exploited through Microsoft Word." Access to data is open to many Microsoft and third-party applications via the Microsoft Jet Database Engine, including Microsoft Visual Basic, Microsoft Access, and some Information Services (IIS) applications.

The affected software includes all versions of the Microsoft Jet Database Engine lower than 4.0.9505.0. Successful exploitation requires a user to open a Word document either attached to something or on a Web site. Then the malicious file would load a database file that uses msjet40.dll. Microsoft says the risk is limited, and that in the meantime warns users not to open Word documents from any untrusted sources.

People that are running Windows Server 2003 Service Pack 2, Windows Vista, and Windows Vista Service Pack 1 are not affected.


REFERENCES:
InformationWeek
Microsoft Issues Word Vulnerability Warning
 

WTW Threat Level