Microsoft probes Word flaw that permits targeted attacks

Security risk from the flaw, which is found in Microsoft's Jet Database, is considered low because users must go through multiple steps in order for the attack to succeed.

Martin LaMonica Former Staff writer, CNET News
Martin LaMonica is a senior writer covering green tech and cutting-edge technologies. He joined CNET in 2002 to cover enterprise IT and Web development and was previously executive editor of IT publication InfoWorld.
Martin LaMonica

Microsoft is looking into a vulnerability that could affect Word, the company said Monday.

Overall, Microsoft said, it believes the vulnerability's risk is limited because its requires people to take multiple steps for the hack to be successful. Microsoft said it is only aware of targeted attacks that take advantage of the flaw.

The vulnerability is in Microsoft's Jet Database engine, which can be exploited through Word. Microsoft is investigating whether other applications can also exploit the vulnerability.

According to Microsoft's security alert:

Customers running Windows Server 2003 Service Pack 2, Windows Vista, and Windows Vista Service Pack 1 are not vulnerable to the buffer overrun being attacked, as they include a version of the Microsoft Jet Database Engine that is not vulnerable to this issue.

Customers using Microsoft Word 2000 Service Pack 3, Microsoft Word 2002 Service Pack 3, Microsoft Word 2003 Service Pack 2, Microsoft Word 2003 Service Pack 3, Microsoft Word 2007, and Microsoft Word 2007 Service Pack 1 on Microsoft Windows 2000, Windows XP, or Windows Server 2003 Service Pack 1 are vulnerable to these attacks.

People who believe they have been attacked can go to the Microsoft Web site for support.