
Microsoft


Excel Collects Vulnerabilities

A new bug is prepped for exploitation

By Marius Oiaga, Technology News Editor

21st of June 2006, 07:27 GMT



Excel vulnerabilities are multiplying after Microsoft's package of 12 patches was released for Windows, Office and Exchange. The first flaw, tagged as critical because it allows for remote code execution, was exploited in an isolated zero-day attack just last week; the latest vulnerability was made public yesterday.

Both Symantec and Secunia have revealed that the vulnerability is a direct result of how a DLL handles hyperlinks in an Excel worksheet, and that the problem emerges when a URL link in an Excel document is executed. Proof-of-concept exploit code has already been made public, both companies say, but they disagree on how an attacker might use it.

"The vulnerability is caused due to a boundary error in hlink.dll within the handling of Hyperlinks in Excel documents. This can be exploited to cause a stack-based buffer overflow (an anomaly where the process will attempt to store data beyond the boundaries of the hardware registries or the allocated memory) by tricking a user into clicking a specially crafted Hyperlink in a malicious Excel document. Successful exploitation allows execution of arbitrary code. The vulnerability has been confirmed in Microsoft Excel 2003 SP2 (fully updated). Other versions and Office products may also be affected," warned Secunia.

Unlike Secunia, Symantec does not believe that code execution is possible. After examining the proof-of-concept code, it says that the code does not contain a payload and will only cause the process to crash.

Both security companies have advised against opening or following links in Office documents.
© Copyright 2001-2009 Softpedia