Word executes injected code
Microsoft's Jet database engine can be exploited by attackers to remotely execute code in Word. In security advisory 950627, Microsoft notes that users have to execute multiple steps themselves for attackers to be able to execute code. Code executed in this way runs with the user's privileges.
The company states that it is currently looking into how to fix the problem and whether other programs which use the Jet database engine are affected. One possible attack consists of sending a crafted Word file onto a victim.
Users running Word 2000 Service Pack 3, Word 2002 Service Pack 3, Word 2003 Service Pack 2 or 3 or Word 2007 with or without Service Pack 1 under Windows 2000, Windows XP, or Windows Server 2003 SP1 are affected. The bug is fixed from revision 4.0.9505.0 of MSJET40.DLL. This version is included in Windows Vista and Windows Server 2003 SP2. The Jet Database Engine in these operating systems is therefore not vulnerable.