Organisations using Microsoft Word 2000 Service Pack 3, Microsoft Word 2002 Service Pack 3, Microsoft Word 2003 Service Pack 2, Microsoft Word 2003 Service Pack 3, Microsoft Word 2007, and Microsoft Word 2007 Service Pack 1 on Microsoft Windows 2000, Windows XP, or Windows Server 2003 Service Pack 1, could be affected by the vulnerability.

An attacker could gain control by posting a specially crafted Word file on a website.

"Current attacks require customers to take multiple steps in order to be successful we believe the risk to be limited," said Microsoft.

The software supplier said it would provide a security update either through its monthly release process or through an out-of-cycle security update once it had completed its investigation into the attack.

The flaw exploits a vulnerability in Jet Database Engine used by a number of products including Microsoft Access.

For more details of the vulnerability, see the official Microsoft article at the official MS Security Advisory site.

Our advice is to take care before accessing websites with links to Word download files, and ensure that your computer security is constantly updated.