A flaw in Microsoft Corp.'s Excel spreadsheet could allow criminals to remotely control a computer, the company confirmed Monday.
Microsoft, the world's biggest software maker, is aware of just one case in which a user was attacked via the vulnerability, according to an online posting by Mike Reavey, the company's lead security program manager.
(MSNBC.com is a joint venture of Microsoft and NBC Universal News.)
In order to become infected, a person must open a maliciously formatted Excel document that is sent via e-mail or other means. The malicious code runs when the spreadsheet is opened. The infection makes it possible for a person to steal passwords, bank accounts and other sensitive information and to use the computer to send spam and carry out other illegal activities.
"Remember to be very careful opening unsolicited attachments from both known and unknown sources," Reavey wrote.
The advisory, which Microsoft issued last week, came days after it issued patches for 21 vulnerabilities in products ranging from its Windows operating system to Office, its bundle of software for word processing, e-mail and other programs. It came a month after the Redmond, Wash.-based company confirmed a flaw in Word, its word processing program.
Last week's patches did not address the latest vulnerability. The next round of updates is scheduled to be made available next month.
Symantec Corp., a maker of security software, said the malicious payload usually arrives in a file with the name okN.xls.
The vulnerability affects computers running Excel on Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003, Windows XP.