On Tuesday, Microsoft released Security Advisory 968272, which describes a vulnerability in Microsoft Office Excel that could allow remote code execution. According to the company, only a limited number of attacks have been identified so far.
Products affected are Microsoft Office 2000, Microsoft Office 2002, Microsoft Office 2003, Microsoft Office 2007, Microsoft Office 2004 for Mac, Microsoft Office 2008 for Mac, and Open XML File Format Converter for Mac, Microsoft revealed.
According to the company’s security blog, the attacks have so far targeted users of Office 2007 running an earlier version of Windows, such as Windows 2000, XP, and 2003. It appears that the attacks don’t work on Windows Vista or earlier versions of Microsoft Office.
“We analyze a lot of Office content type exploits and this is the first time we have seen a working exploit in-the-wild that is able to run code on Office 2007,” the company wrote on its security blog.
The attacker could gain the same user rights as the local user, but users whose accounts are configured to have fewer user rights on the system could be less affected. Furthermore, Microsoft revealed that the vulnerability cannot be exploited automatically through e-mail.
Users have been advised to turn on MOICE to protect themselves (MOICE converts the XLS to XLSX before opening, making it unsusceptible to the vulnerability) and to turn on FileBlock, which allows Excel to open only the new, safer XML-based file format.
© 2007 - 2009 - eFluxMedia