Another office security flaw, eh? Well, at least they are finding them (well, Secunia is anyway.) Yes, once again Microsoft is looking into the possibility of there being an unpatched flaw in its Office software suite, the result of which could be to invite hackers to remotely access users' systems. Currently filed under the category of "highly critical" from IT security firm Secunia, the flaw was not addressed in the recent updates from Microsoft.
The unpatched flaw exists in Microsoft's Jet Database Engine, which can be exploited to execute arbitrary code by tricking users into opening a specially designed ".mdb" file in Microsoft Access, according to the Secunia advisory.
Exploit code for the vulnerability has already been posted to a public mailing list, the security company warns.
Microsoft believes that these sorts of things should be reported to the vendor first; any posting to a public mailing list carries the risk of the flaw being made into an exploit and used. Secunia has said that that was exactly what happened, and that Microsoft took no notice.
Secunia says the flaw was first reported by security firm HexView. HexView says it notified Microsoft of the vulnerability on March 30 and received no response. The software vendor declines to comment on the notification claim.