Microsoft is investigating a new vulnerability in Excel that could allow remote code execution if a user opens an infected file. The company said that this vulnerability affects versions of Office for Windows and the Mac.
The vulnerability was first discovered by Symantec engineers in Japan on Tuesday morning. Symantec said the vulnerability specifically affects the older Excel .xls format, not the newer .xlsx format. Of course, Excel 2008 will open the older files, so the vulnerability still exists.
According to Microsoft, once successfully executed the attacker could gain the same user permissions as the local user.
Symantec added detection for the vulnerability to its software products, which will be detected as a Trojan horse with the name Trojan.Mdropper.AC.
Microsoft said it would provide an update for customers when it finishes investigating the issue. Microsoft noted that Office 2004 and 2008 for Mac were both affect by the vulnerability.