Microsoft has confirmed that hackers are targeting a new vulnerability that could lead to arbitrary code execution.
In an advisory, Microsoft described how the bug can be exploited using a specially crafted Excel document. The malicious Excel file attempts to access an invalid object, allowing the attacker to execute arbitrary code.
According to Microsoft, the vulnerability is currently being exploited in “limited and targeted attacks.” The advisory addresses Microsoft Office 2000, Office 2002, Office 2003, Office 2007, Office 2004 for Mac and Office 2008 for Mac.
If a user is logged on with administrative user rights, an attacker could take complete control of the affected system, gaining the ability to install programs and view, change or delete data, Microsoft warned.
“We have added detection for the malicious spreadsheet files we have seen in the wild, which will be detected as Trojan.Mdropper.AC,” said a post on Symantec‘s Security Response Blog. “The malicious binary dropped by the spreadsheet will be detected as a Trojan horse. Ensure that your definitions are up-to-date to protect yourself from the danger this issue presents.”
Microsoft recommended setting the “Microsoft Office File Block policy to block the opening of Office 2003 and earlier documents from unknown or untrusted sources and locations.” Instructions are included in the Microsoft advisory linked to above. Another workaround is to use MOICE (the Microsoft Office Isolated Conversion Environment) “when opening files from unknown or untrusted sources.” Instructions for installing MOICE are also available as part of the advisory.
There was no word from Microsoft on when a permanent fix for the issue would be forthcoming.