Microsoft Windows Knowledge Base Article 950749 update not installed (WinMs08kb950749Update)

Vuln ID: 42095
Risk Level: Low
Platforms: Microsoft Jet: 4.0
Description:

Microsoft Windows Knowledge Base Article 950749 update is not installed on the system, which could allow an attacker to exploit the following vulnerabilities:

Microsoft Jet Engine is vulnerable to a stack-based buffer overflow, caused by improper bounds checking when parsing an MDB file. By persuading a victim to open a specially crafted MDB file, a remote attacker could cause the victim's application to crash or possibly execute arbitrary code on the victim's system with the privileges of the victim. An attacker could exploit this vulnerability by sending the malicious file as an email attachment or by hosting it on a Web site.

Microsoft Jet Database Engine (msjet40.dll) is vulnerable to a stack-based buffer overflow, caused by improper bounds checking when parsing a Word file. By persuading a victim to open a specially crafted Word file, a remote attacker could cause the victim's application to crash or possibly execute arbitrary code on the victim's system with the privileges of the victim. An attacker could exploit this vulnerability by sending the malicious file as an email attachment or by hosting it on a Web site.

Remedy:

Apply the appropriate patch for your system, as listed in Microsoft Security Bulletin MS08-028. See References.

False Positives:
False Negatives:
Required Permission: Windows login
Additional Information:

References:

Microsoft Security Bulletin MS08-028
Vulnerability in Microsoft Jet Database Engine (Jet) Could Allow Remote Code Execution (950749)
http://www.microsoft.com/technet/security/Bulletin/MS08-028.mspx

IBM Internet Security Systems X-Force Database
Microsoft Jet Database Engine MDB file buffer overflow
http://xforce.iss.net/xforce/xfdb/38499

IBM Internet Security Systems X-Force Database
Microsoft Jet Database Engine Word file buffer overflow
http://xforce.iss.net/xforce/xfdb/41380

ISS X-Force
Microsoft Windows Knowledge Base Article 950749 update not installed
http://www.iss.net/security_center/static/42095.php

CVE CVE-2008-1092
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1092

CVE CVE-2007-6026
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6026

