Technology news and Jobs arrow Information Technology News arrow Jet vulnerability under attack
Jet vulnerability under attack PDF E-mail
by Stephen Withers   
Tuesday, 25 March 2008
Page 1 of 2
Microsoft has warned that a Word-based exploit for a flaw in the its Jet database engine has been discovered.
According to the company only "a very limited, targeted attack" has been seen so far.

Microsoft's initial analysis is that Word 2000 SP3, Word 2002 SP3, Word 2003 SP2, Word 2003 SP3, Word 2007 and Word 2007 SP1 running on Microsoft Windows 2000, Windows XP, or Windows Server 2003 SP1 are all vulnerable.

The version of Jet included in Windows Server 2003 SP2, Windows Vista and Vista SP1 does not have the buffer overflow vulnerability that is being exploited.

The Jet database engine is used by Access, Word and other pieces of software from Microsoft and third-party developers. Microsoft's investigation of the problem includes a consideration of the possibility that the underlying flaw can be exploited via other applications.

Symantec has been reporting Jet vulnerabilities and targeted attacks involving .mbd (Access) files since March 2006, according to Elia Florio, senior security response engineer, but Microsoft's response has been that .mdb files are considered 'unsafe' by Internet Explorer, Outlook and other applications, so the underlying bug cannot be regarded as critical.

CONTINUED


<< First page <   1 2 Next page > Last page - Post your comment >>
 
< Next story in category   Previous story in the category >
iTWire user statistics Visitors last 30 days
Suscribers		 904,266
13,751
#1 independent technology news advertise here
  •   *  
  • Search
  • AdvSeach
  • Login
  • Events
  • FreeStuff
Subscribe to our free e-newsletter

iTWire and you

Contact , Register , Links , About iTWire , Feedback , Post your jobs , Events , iTWire site map , Start Blogging , MyBlogLog page , Advertise with iTWire