Microsoft warns of Excel hyperlink bug

New vulnerability involves Excel's processing of long links

Hot on the heels of Microsoft's warning of an unpatched flaw in Excel earlier this week, the firm's Security Response Center is investigating reports of a second vulnerability affecting the spreadsheet application.

The company began investigating after the appearance of proof-of-concept PERL script claiming to demonstrate a vulnerability in Excel's processing of long links, according to a posting on the Microsoft Security Response Center blog.

The flaw is actually a vulnerability in 'hlink.dll', a Windows component that handles operations involving hyperlinks.

"Any attempt to exploit this vulnerability would require convincing a user to open a specially crafted Excel document. The user would then have to locate and click on a specially crafted long link in that document," said Microsoft.

"We have not found any way to attempt to exploit this vulnerability that involves simply opening a document. A user must locate and click a hyperlink in the document."

Unlike the earlier Excel flaw, which is actively being exploited by attackers, Microsoft insisted that the new bug is proof-of-concept code only and not an attack.

"We are not aware of any attacks based on this code based on our work with our Microsoft Security Response Alliance partners," the company said.

"As a reminder, it is important to make sure that you only accept and open files from a trusted source, and to be careful what websites you visit."