Microsoft is investigating new public reports of a vulnerability in Microsoft Office Excel that could allow remote code execution if a user opens a specially crafted Excel file, the company announced on Thusday.
Microsoft said that only of limited and targeted attacks have attempted to use this vulnerability.
Upon completion of Microsoft's investigation, Microsoft plans to provide a solution through a service pack, its monthly security update release process, or an out-of-cycle security update.
According to Microsoft, an attacker who successfully exploited this vulnerability could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less affected than users who operate with administrative user rights.
In a Web-based attack scenario, an attacker would have to host a Web site that contains an Office file that is used to attempt to exploit this vulnerability. In addition, compromised Web sites and Web sites that accept or host user-provided content could contain specially crafted content that could exploit this vulnerability. An attacker would have no way to force users to visit a malicious Web site. Instead, an attacker would have to persuade them to visit the Web site, typically by getting them to click a link that takes them to the attacker's site.
The vulnerability cannot be exploited automatically through e-mail. For an attack to be successful a user must open an attachment that is sent in an e-mail message.
Microsoft suggests users not to open or save Office files that they receive from un-trusted sources or that are received unexpectedly from trusted sources. In addition, users may use the Microsoft Office Isolated Conversion Environment (MOICE) when opening files from unknown or un-trusted sources.
The Microsoft Office Isolated Conversion Environment (MOICE) will protect Office 2003 installations by more securely opening Word, Excel, and PowerPoint binary format files.
For additional information, visit http://www.microsoft.com/technet/security/advisory/968272.mspx