Attackers Targeting Unpatched Vulnerability in Excel 2007

Microsoft's Excel spreadsheet program has a 0-day vulnerability that attackers are exploiting on the Internet, according to security vendor Symantec.

A 0-day vulnerability is one that does not have a patch and is actively being used to attack computers when it is publicly revealed. The problem affects Excel 2007 and the same version of that program with Service Pack 1, according to an advisory on SecurityFocus, a Web site that tracks software flaws. Other versions of Excel may also be affected, it said.

The program's vulnerability can be exploited if a user opens a maliciously-crafted Excel file. Then, a hacker could run unauthorized code. Symantec has detected that the exploit can leave a Trojan horse on the infected system, which it calls "Trojan.Mdropper.AC."

That Trojan, which works on PCs running the Vista and XP operating systems, is capable of downloading other malware to the computer. Microsoft said it is only aware of "limited and targeted attacks" and that it would release more information later on Tuesday.

Hackers have increasingly sought to find vulnerabilities in applications as Microsoft has spent much effort into making its Vista OS more secure.

To comment on this article and other PCWorld content, visit our Facebook page or our Twitter feed.
Related:
Shop Tech Products at Amazon