Christopher Budd, security program manager for the Microsoft Security Response Center, said on the center’s blog this week that the Redmond, Wash., company is investigating the proof-of-concept practical execution and report library (PERL) script flaw.
"First, I want to be clear that this is proof-of-concept code and not an attack. We’re not aware of any attacks based on this code based on our work with our Microsoft Security Response Alliance partners," he said.
The flaw is actually located in hlink.dll, a Windows component that handles hyperlink operations.
An affected user would have to clink on a specially crafted hyperlink within an email to infect his or her PC, not just open a malicious email, according to Budd.
"We have not found any way to attempt to exploit this vulnerability that involves simply opening a document: a user must locate and click a hyperlink in the document," said Budd, who reminded users only to open attachments from trusted users and to be careful when surfing the web.
Vulnerability monitoring firm Secunia said Tuesday that the flaw is highly critical and could allow the execution of malicious code.
The flaw is caused by a boundary error in hlink.dll within the handling of hyperlinks. This can be exploited to cause a stack-based buffer overflow by tricking a user into clicking a specially crafted hyperlink in a malicious Excel document, according to a Secunia advisory.
Microsoft released a dozen fixes as part of its monthly Patch Tuesday bulletin release last week – predating the discovery of the first Excel flaw by only a few days.
On Tuesday, Redmond released a workaround for the zero-day flaw, helping users screen for malicious Excel documents.