Targeted attacks in the wild using MS Excel 0-day
Microsoft has confirmed the existence of targeted attacks using 0-day type vulnerability in Microsoft Excel application.
The following product versions have been confirmed as affected in Security Advisory 947563:
Microsoft Office Excel 2003 SP2, Excel 2002, Excel 2000, Excel Viewer 2003 ,and Microsoft Excel 2004 for Mac.
SANS ISC has issued a warning here, Secunia has released 5/5 advisory here and SecurityFocus BID27305 link is here. The advisory from FrSIRT has the most highest severity level as well.
CVE identifier of the 'Header Information Handling issue' is CVE-2008-0081.
Kommentit