Some vulnerabilities have been reported in Microsoft Jet Database Engine, which can be exploited by malicious people to compromise a user's system.

The vulnerabilities are caused due to a memory handling error and a boundary error in the Microsoft Jet Database Engine (msjet40.dll). This can be exploited to execute arbitrary code by e.g. tricking a user into opening a specially crafted Word document that automatically loads another file (e.g. a renamed ".mdb" file) in the same location as a JET database file.

NOTE: These vulnerabilities can also be exploited by tricking a user into opening a malicious ".mdb" file in Access. However, it should be noted that the ".mdb" file type is considered unsafe as it allows running arbitrary code when opened in Access. The gain from exploiting this vulnerability via Access is thus not greater than if a user is convinced into opening an ordinary ".mdb" file not exploiting any of these vulnerabilities.

The vulnerability only affects versions of msjet40.dll prior to 4.0.9505.0 and thus systems running Windows Server 2003 SP2, Windows Vista, and Windows Vista SP1 are not vulnerable.

Solution
Apply patches.
Further details available to Secunia VIM customers

Provided and/or discovered by
HexView and cocoruder.

Microsoft Word attack vector reported as a 0-day.

Changelog
Further details available to Secunia VIM customers

Original Advisory
MS08-028 (KB950749):
http://www.microsoft.com/technet/security/Bulletin/MS08-028.mspx

Microsoft:
http://www.microsoft.com/technet/security/advisory/950627.mspx

Hexview:
http://www.hexview.com/docs/20050331-1.txt

cocoruder:
http://ruder.cdut.net/blogview.asp?logID=227

Other references
Further details available to Secunia VIM customers

Deep Links
Links available to Secunia VIM customers