According to the security vendor, the zero day vulnerability does not yet have a patch and is actively being used to attack computers. The problem affects Excel 2007 and the same version of that program with Service Pack 1, according to an advisory on SecurityFocus, a website that tracks software flaws. Other versions of Excel may also be affected, it said.
The program's vulnerability can be exploited if a user opens a maliciously-crafted Excel file. Then, a hacker could run unauthorised code. Symantec has detected that the exploit can leave a Trojan horse on the infected system, which it calls 'Trojan.Mdropper.AC'.
The Trojan, which works on PCs running the Vista and XP operating systems, is capable of downloading other malware to the computer. Microsoft said it is only aware of "limited and targeted attacks" and that it would release more information this week.
Hackers have increasingly sought to find vulnerabilities in applications as Microsoft has spent much effort into making its Vista OS more secure.