Word users have been targeted in attacks due to vulnerability in Microsoft Jet Database Engine

Microsoft is investigating attacks which have been found using a vulnerability in Microsoft Jet Database Engine and exploited through MS Word.

The attacks have been targeted and require the user to open a corrupted MS Word file either via an email link , web site or similar source.

If successful, it would allow the attacker to have the same privileges as the local user-a good reason not to go browsing logged in as administrator.

The attacks affect versions of MS Word from 2000 to 2007, depending on which service pack is being used.

The following are vulnerable to these attacks:

Microsoft Word 2000 Service Pack 3,
Microsoft Word 2002 Service Pack 3,
Microsoft Word 2003 Service Pack 2,
Microsoft Word 2003 Service Pack 3,
Microsoft Word 2007, and
Microsoft Word 2007 Service Pack 1 on Microsoft Windows 2000, Windows XP, or Windows Server 2003 Service Pack 1.

Those that are not vulnerable due to the version of the Microsoft Jet Database are:

Windows Server 2003 Service Pack 2,
Windows Vista, and Windows Vista Service Pack 1.

Story link: Word users have been targeted in attacks due to vulnerability in Microsoft Jet Database Engine