Microsoft has warned of an unpatched vulnerability in its Office productivity suite.

The bug, which arises from an unspecified flaw in handling strings, might be exploited to corrupt memory on a vulnerable system. The flaw allows malware to be loaded onto exposed systems providing users are tricked into opening maliciously-constructed files. Computers running Microsoft Office 2000, Office XP, Office 2003, and Microsoft Office 2004 for Mac are all potentially vulnerable.

The vulnerability is the subject of active hacking attacks albeit to a "very limited" extent, Microsoft warns. Although Excel is currently the sole vector of these zero-day attacks, other Office applications may also be affected. Users are advised not to open untrusted Office documents pending the release of patches from Microsoft. ®

Related stories

• Unpatched Windows PCs own3d in less than four minutes (15 July 2008)
• Hackers go after Excel (17 January 2008)
• One in five apps are insecure (21 December 2007)
• Macrovision update plugs zero-day DRM exploit (6 November 2007)
• Talking Trojan taunts victims (3 July 2007)
• Microsoft releases security tool for Office 2003 (22 May 2007)
• MS to 'backport' Office 2007 security improvements (30 April 2007)
• Microsoft zero-days said to target Office and Windows (11 April 2007)
• Microsoft's search excels in spreading malware (20 March 2007)
• Interview The rise of zero-day patches (2 March 2007)
• Comment Google set to challenge Microsoft's office monopoly (27 February 2007)
• Microsoft probes new Office vulnerability (15 February 2007)
• Simon says: let me hack your Vista PC (1 February 2007)
• Vista raises the bar for flaw finders (31 January 2007)
• MS January patch update omits critical Word fix (10 January 2007)
• IE 'unsafe' for 284 days last year (5 January 2007)
• eEye launches 0-day tracker site (7 December 2006)
• Unpatched Word flaw menaces civilisation (6 December 2006)
• Another day, another zero-day MS exploit (28 September 2006)