Microsoft Confirms: We Have A Word Vulnerability
Microsoft announced that a newly-found flaw in its Jet Database Engine can be exploited through Microsoft Word. Windows XP users should be on their toes.
March 24, 2008
The security advisory reads the following:
“At this time, we are aware only of targeted attacks that attempt to use this vulnerability. Current attacks require customers to take multiple steps in order to be successful; we believe the risk to be limited.”
Still, the buffer overrun error does have a lengthy list of possible victims, including Microsoft Windows 2000, Windows XP, or Windows Server 2003 Service Pack 1 packed with the following:
- Microsoft Word 2000 Service Pack 3
- Microsoft Word 2002 Service Pack 3
- Microsoft Word 2003 Service Pack 2
- Microsoft Word 2003 Service Pack 3
- Microsoft Word 2007
- Microsoft Word 2007 Service Pack 1
The company stated that an attacker would have to host a Web site that contains a specially crafted Word file that is used to attempt to exploit this vulnerability and would have to persuade users to visit the Web site. If successful, the exploitation of flaw would grant the attacker the same user rights as the local user.