On January 15, Microsoft released Security Advisory (947563), which reports of a newly discovered vulnerability in Microsoft Excel. This vulnerability allows a remote user to execute code on the affected system once the victim opens a specially crafted Excel file with malformed headers.

This vulnerability affects the following software:

• Microsoft Office Excel 2003 Service Pack 2
• Microsoft Office Excel Viewer 2003
• Microsoft Office Excel 2002
• Microsoft Office Excel 2000
• Microsoft Excel 2004 for Mac

According to Microsoft, “At this time, we are aware only of targeted attacks that attempt to use this vulnerability.” Note that this vulnerability is still under investigation. Although the risk at this time seems to be limited, it is highly probable that malicious authors are already trying to exploit this vulnerability, knowing especially that Office documents can be effective vectors of infection for malicious attacks. Users should be extra vigilant of Office files that they receive from untrusted sources or that are received unexpectedly from trusted sources.

More information about this vulnerability can be found on this site:

• http://www.microsoft.com/technet/security/advisory/947563.mspx