A zero-day flaw has been found in Microsoft Office 2000, Office XP, Office 2003, and Office 2004 for Mac.
The vulnerability could allow a specially crafted Excel package to carry malware that could give a hacker full control of an infected PC.
"In a web-based attack, an attacker would have to host a website that contains a Office file that is used to attempt to exploit this vulnerability," said the advisory.
"In addition, compromised sites, and sites that accept or host user-provided content, would need to contain specially crafted content that could exploit this vulnerability.
"An attacker would have no way to force users to visit a malicious website. Instead, an attacker would have to persuade them to visit the website, typically by getting them to click a link that takes them to the attacker's site."
The BackDoor-CWA Trojan installs itself on the registry of infected machines and periodically checks for information to be downloaded from Usaaservice.com.
While knowledge of a flaw in Excel has been confirmed, it is not known whether the flaw affects other Office products. Files from Office 2007 or Works 2004/2005/2006 are not affected.
Microsoft is urging users to be careful with unexpected emails containing Office documents, even if they appear to come from an address in the user's corporate network.
Moon's dark side is mountainous, rugged and never visible from the Earth
The groundwater basins in some areas of Tehran have been damaged irreversibly
This is the first time that any spacecraft on Mars has recorded air vibrations on the planet
Arctic sea ice is thickening at a faster rate during winter, thus slowing down long-term decline: NASA
But, the seasonal ice growth could only delay the demise of the Arctic ice cap for a few more decades