No install of Office includes SQL Server, but when JET or Access are installed, they included several methods of attaching to remote SQL Servers. Certainly, you shouldn't be installing Access on the server, where your SQL Server is installed.
And there is always malware infecting the host of a privileged user, or a non-privileged user and escalating privileges, to chain onto the JET vulnerabilities.
Likewise, unless you are a dev, you probably don't have IIS running locally either, that is also usually on a server somewhere in a server room.
Biting the hand that feeds IT
