Microsoft Word Vulnerability
Microsoft Word - Microsoft Jet Database Engine MDB File Parsing Unspecified Remote Code Execution Vulnerability
The Microsoft Jet Database Engine is susceptible to a remote code-execution vulnerability. Remote attackers can exploit this vulnerability to execute arbitrary machine code in the context of the user running the affected applications. This code execution vulnerability is caused by a buffer overflow in the Microsoft msjet40.dll file, also known as the Microsoft Jet Database Engine. A remote attacker can exploit this vulnerability by enticing a user to open a Microsoft Word file that is constructed to load the specially crafted database file using msjet40.dll.
A successful exploit will compromise the affected applications and most likely the computer operating system. A failed attack will most likely result in a denial-of-service condition.
This vulnerability is found in the following Microsoft Word versions:
Microsoft Word 2000 Service Pack 3
Microsoft Word 2002 Service Pack 3
Microsoft Word 2003 Service Pack 2
Microsoft Word 2003 Service Pack 3
Microsoft Word 2007
Microsoft Word 2007 Service Pack 1 on Microsoft Windows 2000
Microsoft Word 2007 Service Pack 1 on Windows XP
Microsoft Word 2007 Service Pack 1 on Windows Server 2003 Service Pack 1.
This vulnerability does not affect Windows Server 2003 Service Pack 2, Windows Vista, or Windows Vista Service Pack 1 as these environments contain a non-vulnerable version of the Jet Database Engine.
Microsoft has received reports of public exploit code.
More information can be found at the following URLs:
This risk definition refers to the risk to the system owner.
Large and medium government entities: High
Small government entities: High
Large and medium business entities: High
Small business entities: High
Home users: High
Do not open or save any Microsoft Word files that you receive from unknown or non-trusted sources. Confirm the transmission of any files received in email from trusted sources prior to opening or saving the Microsoft Word file.
Once Microsoft makes a patch available, download and install the patch as soon as possible.