Redmond (WA) - Microsoft has issued an advisory for a critical vulnerability in Microsoft Word that, while "very limited" in scope, could lead to damaging attacks without an official fix yet.

The software giant confirmed the vulnerability that was reported earlier this month from Ismael Briones, a researcher at antivirus company Panda.  According to the reports, the vulnerability lies mainly within Microsoft's Jet Database Engine, which is used in the company's professional software applications like Access and Visual Basic.



By sending out a malicious Word document, an attacker could compromise the engine and overtake someone else's computer remotely.  The victim would need to own the appropriate software and physically open the Word file for the vulnerability to have any effect.  As such, Microsoft says the threat is "very limited."

Additionally, users running Windows Vista or Vista Service Pack 1, or Windows 2003 Service Pack 2 are immune from any attacks this threat could pose.

"Microsoft is investigating the public reports and customer impact. We are also investigating whether the vulnerability can be exploited through additional applications. Upon completion of this investigation, Microsoft will take the appropriate action to help protect our customers," said Microsoft in its advisory.

The company added that if necessary, it will release a special security update, however the problem will more likely be patched during Microsoft's regularly scheduled monthly update.

sn...afu, why is it always "overtake" "remotely"?

Mar 24, 2008 15:28     

why is this news if it is patched already?
coldmast report abuse vote down vote up Votes: +0

aint it interesting

Mar 24, 2008 16:47     

"Additionally, users running Windows Vista or Vista Service Pack 1, or Windows 2003 Service Pack 2 are immune from any attacks this threat could pose." seems like a coincidence that vista is protected but xp isnt weird.
logosta report abuse vote down vote up Votes: +0

interesting?

Mar 26, 2008 22:27     

not really, considering that vista had a revamp of what users can use and not use, and what processes their objects can take over and what they can't. it's not because they chose, it's because it's a fundamental flaw in XP's authentication system that has been SOMEWHAT fixed in vista
mazuki report abuse vote down vote up Votes: +0