Remember the good old days when vulnerabilities would just affect one platform? Back when there was NO WAY my Commodore 64 could be infected by your TRS-80?
It looks like there is a targeted attack going on (where a virus is created and only sent to specific targets so the antivirus companies don’t notice it). It takes advantage of a flaw in older versions of Microsoft Excel. Microsoft’s advisory is here.
It’s not the kind of thing most of you will have to worry about unless you become the target, but I’m always interested in 0day attacks and cross-platform vulnerabilities.
More from Brian Krebs and the Microsoft Advisory:
According to Microsoft’s security advisory, this vulnerability affects Microsoft Excel 2003 Service Pack 2, Microsoft Office Excel Viewer 2003, Microsoft Office Excel 2002, Microsoft Office Excel 2000, and Microsoft Excel 2004 for Mac. People who are using Microsoft Office Excel 2007, Microsoft Excel 2008 for Mac or have installed Microsoft Office Excel 2003 Service Pack 3 are not affected.