I personally work with SQL databases for web development work however I need to learn about Access databases for some upcoming AS Level exams. I asked my teacher, whether Access was vulnerable to Injection attacks and she looked at me with a quizical expression on her face so after trying to explain to her in two sentences as not to waste time what an SQL Injection attack was she replied saying,
'I don't have SQL turned on'.
Considering she is a web designer part time, I would of expected her to know what an Injection attack was but that is besides the point, I never recieved a straight answer to the question.
As in SQL, you can inject malicious code through a poorly designed form and this can be executed alongside the original query, can the same be done in Access?
I am by far a sql injection expert, but from my understanding and experience, the vulnerability is not really SQL related. The issue is with the way you collect the user input and pass that input within the query sent to your sql data source. So i would say yes.