Microsoft: Excel Flaw a Windows Bug

Microsoft's Security Response Center said in a blog posting on Wednesday that it was investigating reports of a second vulnerability affecting Excel, and had examined a PERL script that demonstrates the flaw. The company says the problem actually lies in hlink.dll, a Windows component.

The DLL handles operations involving hyperlinks and could affect other programs beyond Excel. However, Microsoft notes that a user would need to open a malicious file and manually click the link. "We have not found any way to attempt to exploit this vulnerability that involves simply opening a document: a user must locate a click a hyperlink in the document," said MSRC's Christopher Budd. He adds that it is early in Microsoft's investigation and "we have our teams working hard on it."