Fresh Microsoft Office security problems found

By Derek Sooman on April 13, 2005, 4:30 PM
Another office security flaw, eh? Well, at least they are finding them (well, Secunia is anyway.) Yes, once again Microsoft is looking into the possibility of there being an unpatched flaw in its Office software suite, the result of which could be to invite hackers to remotely access users' systems. Currently filed under the category of "highly critical" from IT security firm Secunia, the flaw was not addressed in the recent updates from Microsoft.

The unpatched flaw exists in Microsoft's Jet Database Engine, which can be exploited to execute arbitrary code by tricking users into opening a specially designed ".mdb" file in Microsoft Access, according to the Secunia advisory.

Exploit code for the vulnerability has already been posted to a public mailing list, the security company warns.


Microsoft believes that these sorts of things should be reported to the vendor first; any posting to a public mailing list carries the risk of the flaw being made into an exploit and used. Secunia has said that that was exactly what happened, and that Microsoft took no notice.

Secunia says the flaw was first reported by security firm HexView. HexView says it notified Microsoft of the vulnerability on March 30 and received no response. The software vendor declines to comment on the notification claim.




Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...
Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.