Microsoft announced that a newly-found flaw in its Jet Database Engine can be exploited through Microsoft Word. Windows XP users should be on their toes.
The Redmond company stressed out that the attacks related to the flaw are “very limited” and do not affect those Windows Server 2003 Service Pack 2, Windows Vista, and Windows Vista Service Pack 1, given that the trio already includes a version of the Microsoft Jet Database Engine that is not vulnerable.
“At this time, we are aware only of targeted attacks that attempt to use this vulnerability. Current attacks require customers to take multiple steps in order to be successful; we believe the risk to be limited.”
Still, the buffer overrun error does have a lengthy list of possible victims, including Microsoft Windows 2000, Windows XP, or Windows Server 2003 Service Pack 1 packed with the following:
- Microsoft Word 2000 Service Pack 3 - Microsoft Word 2002 Service Pack 3 - Microsoft Word 2003 Service Pack 2 - Microsoft Word 2003 Service Pack 3 - Microsoft Word 2007 - Microsoft Word 2007 Service Pack 1
The company stated that an attacker would have to host a Web site that contains a specially crafted Word file that is used to attempt to exploit this vulnerability and would have to persuade users to visit the Web site. If successful, the exploitation of flaw would grant the attacker the same user rights as the local user.
Add to Favorites
Set Home Page
