Microsoft Word users are vulnerable to an attack that
could allow hackers to gain remote access to their
computer.
Organisations using Microsoft Word 2000 Service Pack 3,
Microsoft Word 2002 Service Pack 3, Microsoft Word 2003 Service
Pack 2, Microsoft Word 2003 Service Pack 3, Microsoft Word 2007,
and Microsoft Word 2007 Service Pack 1 on Microsoft Windows 2000,
Windows XP, or Windows Server 2003 Service Pack 1, could be
affected by the
vulnerability.
An attacker could gain control by posting a
specially crafted Word file on a website.
"Current attacks require customers to take multiple steps in
order to be successful we believe the risk to be limited," said
Microsoft.
The software supplier said it would provide a security update
either through its monthly release process or through an
out-of-cycle security update once it had completed its
investigation into the attack.
The flaw exploits a vulnerability in Jet Database Engine used by
a number of products including Microsoft Access.
Microsoft is investigating whether other programs may also be
exploited in this type of attack.
Word security flaw >>