Microsoft is contending with a new Trojan exploit in its
Office collaborative software suite that could allow remote
attackers to take over vulnerable computers.
The exploit takes advantage of a flaw in Microsoft's Jet
database engine, which is a lightweight database used in the
company's Office software.
Microsoft has known of the potential problem since April but the
Trojan now circulating on the internet is the first real exploit of
the flaw.
Microsoft says it is aware of the exploit and is considering
whether it warrants a separate security patch.
The Trojan is sent to potential victims as a Microsoft Access
file. Should this file be run by users, it would give remote
attackers control of infected machines, said security software
company Symantec.
Secunia, another internet security firm, said the flaw was
"highly critical". Secunia said the problem related to a memory
handling error when parsing database .mdb files in Microsoft
Access.
