Microsoft has released an advisory on a vulnerability in Microsoft's Jet Database Engine that can be exploited through Microsoft Word.
Although the attack is thought to be very limited in scope, it has appeared on the radar of several security firms (Symantec and Panda) in the last couple of weeks.
According to Symantec:
"The attacker needs only to find a trick to force the MS Jet library to open the file and trigger the vulnerability that will run the malicious shellcode. Some social engineering and a little help from Office applications will work out well in this specific attack. In fact, it is possible to call MSJET40.DLL directly from MS Word, without using Access at all."
Users of Microsoft Word versions from 2000 to 2007 running on all Windows versions from 2000 to Server 2003 SP1 are vulnerable to the attack.
Microsoft cites a number of mitigating factors that might help to reduce exposure to the vulnerability:
- Windows Server 2003 Service Pack 2, Windows Vista, and Windows Vista Service Pack 1 are not vulnerable to this issue.
- An attacker who successfully exploited this vulnerability could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less affected than users who operate with administrative user rights.
- In a Web-based attack scenario, an attacker would have to host a Web site that contains a specially crafted Word file that is used to attempt to exploit this vulnerability. In addition, compromised Web sites and Web sites that accept or host user-provided content could contain specially crafted content that could exploit this vulnerability. An attacker would have no way to force users to visit these Web sites. Instead, an attacker would have to persuade users to visit the Web site, typically by getting them to click a link in an e-mail message or Instant Messenger message that takes users to the attacker's site.