Excel 2007 flaw leaves users open to attack

A security flaw in Microsoft Excel is being exploited by hackers, says Symantec.

According to the security vendor, the zero day vulnerability does not yet have a patch and is actively being used to attack computers. The problem affects Excel 2007 and the same version of that program with Service Pack 1, according to an advisory on SecurityFocus, a website that tracks software flaws. Other versions of Excel may also be affected, it said.

The program's vulnerability can be exploited if a user opens a maliciously-crafted Excel file. Then, a hacker could run unauthorised code. Symantec has detected that the exploit can leave a Trojan horse on the infected system, which it calls 'Trojan.Mdropper.AC'.

Microsoft Excel 2008 review

The Trojan, which works on PCs running the Vista and XP operating systems, is capable of downloading other malware to the computer. Microsoft said it is only aware of "limited and targeted attacks" and that it would release more information this week.

Visit Broadband Advisor for the latest internet news, reviews, tips & tricks - and to take advantage of PC Advisor's unique, independent Broadband Speed Tester

Visit Security Advisor for the latest internet threat news, FREE net threat email newsletters, and internet security products

Hackers have increasingly sought to find vulnerabilities in applications as Microsoft has spent much effort into making its Vista OS more secure.

See also: Hackers exploit PCs with unpatched Excel app