According to Microsoft, a new vulnerability in Microsoft Office 2000, Microsoft Office 2003, Microsoft Office 2004, and Microsoft Office XP for Mac can be used to launch a “zero day” attack on Microsoft Excel. For this attack to be carried out, a user must first open a malicious Office file attached to an e-mail or otherwise provided to them by an attacker.
Microsoft says that it is investigating the reports, and mentions that while the company is currently aware only of Excel being used as an attack vector, other Office applications are also potentially vulnerable.
When a user opens a specially crafted Office file containing a malformed string, it may corrupt system memory in such a way that an attacker could execute arbitrary code. In a Web-based attack scenario, an attacker would have to host a website that contains an Office file that is used to exploit this vulnerability.
In an e-mail attack scenario, an attacker could exploit the vulnerability by sending a specially crafted file to the user and persuading them to open the file.
Microsoft recommends that users exercise extreme caution and refrain from opening or saving Office files received from untrusted sources. Microsoft has said it will take the appropriate action to help protect customers after completing the investigation.