Microsoft has announced a vulnerability in Microsoft Office Excel that allows remote code execution by means of an infected Excel file. Virtually all current versions of Excel are vulnerable, including those for the Mac.
Infected Excel files could be distributed via email as attachments. Also, documents placed on web sites, especially those that allow anonymous posting, would be likely targets.
Microsoft indicates that they have no knowledge of an active exploit for this vulnerability. As of March 3, there was no date scheduled for a patch release.
As always, please do not open files whose source is unknown.
For more information see http://www.microsoft.com/technet/security/advisory/968272.mspx.
Submitted: Monday, March 9, 2009 - 3:00pm