Attackers targeting unpatched vulnerability in Excel 2007

25.02.2009
Microsoft's Excel spreadsheet program has a that attackers are exploiting on the Internet.

A 0-day vulnerability is one that does not have a patch and is actively being used to attack computers when it is publicly revealed. Microsoft said Tuesday that it plans to patch the issue, but did not say when. The company's next set of security patches are set to be released March 9.

"At this time, we are aware only of limited and targeted attacks that attempt to use this vulnerability," wrote Microsoft Spokesman Bill Sisk in a . "We are developing a security update for Microsoft Office that addresses this vulnerability."

The vulnerability affects Microsoft Office 2007, Microsoft Office 2003, Microsoft Office 2002, and Microsoft Office 2000. It also affects the following Mac products: Microsoft Office 2008, Microsoft Office 2004, and the Mac's Open XML File Format Converter.

It was first disclosed Monday in an posted on SecurityFocus, a Symantec-run Web site that tracks software flaws.

The program's vulnerability can be exploited if a user opens a maliciously-crafted Excel file. Then, a hacker could run unauthorized code. Symantec has detected that the exploit can leave a Trojan horse on the infected system, which it calls "."