In a bulletin on its site,
Opening the Excel file, either as an attachment to an email or as a link on a Web site, may corrupt system memory in a way that an attacker could exploit to execute arbitrary code. The attacker could gain the same user rights as the local user. While the Excel file is the only known vector at this time, other similar files for other applications may also exploit this vulnerability.
Saturday the Bethesda, Md.-based SANS Internet Storm Center (ISC) said the malware, known as Exploit-MSExcel.h, is currently only targeting Excel, but "other Office applications are potentially vulnerable."
The French Security Incident Response Team (FrSirt) has deemed the issue critical, and vulnerability clearinghouse Secunia has labeled it highly critical, the organizations' highest respective levels of severity.
Microsoft is in the process of developing an update for Office that addresses this vulnerability, though an update to its Windows Live OneCare safety scanner removes malicious software that attempts to exploit this vulnerability. In the meantime, Microsoft advises users to exercise extreme caution when opening or saving unsolicited attachments or links on Web sites.