Attackers are exploiting a buffer overrun vulnerability in the lightweight database that provides data access to Microsoft Access, Visual Basic and third-party applications.

An unpatched security flaw in Microsoft's Jet Database Engine is being used to launch targeted attacks against Windows users, according to an advisory from the software vendor.

The attacks, described by Microsoft as "very limited," are exploiting a buffer overrun vulnerability in the lightweight database that provides data access to applications such as Microsoft Access, Microsoft Visual Basic and third-party applications