Zero day vulnerability found in Excel
Vulnerabilities in Microsoft Office seem to be turning up left, right and centre. Following the disclosure of five unpatched vulnerabilities in Word, a hole has been found in Excel. The culprit this time, just as for the recent vulnerability in Word, is a zero day vulnerability, with which an attacker can obtain the same privileges as the user. Excel versions 2000, XP, 2003 and Office 2004 for the Mac are affected. Microsoft does not exclude the possibility that other Office applications are also affected - Works users, however, should be on safe ground.
Until Microsoft releases a fix, all users can do to avoid this security vulnerability is to follow the usual advice - use anti-virus software, don't open e-mail attachments, don't work in Windows with admin privileges and update your software - Excel 2007 is not affected.
- Vulnerability in Microsoft Office Could Allow Remote Code Execution, security advisory from Microsoft