A zero-day flaw has been found in Microsoft Office 2000, Office XP, Office 2003, and Office 2004 for Mac.
The vulnerability could allow a specially crafted Excel package to carry malware that could give a hacker full control of an infected PC.
"In a web-based attack, an attacker would have to host a website that contains a Office file that is used to attempt to exploit this vulnerability," said the advisory.
"In addition, compromised sites, and sites that accept or host user-provided content, would need to contain specially crafted content that could exploit this vulnerability.
"An attacker would have no way to force users to visit a malicious website. Instead, an attacker would have to persuade them to visit the website, typically by getting them to click a link that takes them to the attacker's site."
The BackDoor-CWA Trojan installs itself on the registry of infected machines and periodically checks for information to be downloaded from Usaaservice.com.
While knowledge of a flaw in Excel has been confirmed, it is not known whether the flaw affects other Office products. Files from Office 2007 or Works 2004/2005/2006 are not affected.
Microsoft is urging users to be careful with unexpected emails containing Office documents, even if they appear to come from an address in the user's corporate network.
Sophisticated mobile malware campaign could help hackers gain access to users' iPhones, warns McAfee
iPhone users tricked into installing open-source mobile device management software
Sailed through the uphill climb with a maximum speed of 75 mph
'Space sails' based on photonic materials funded by NASA's Innovative Advanced Concepts programme
HP Z Workstations include small form-factor Z2 Mini G4 with Nvidia Quadro or AMD Radeon Pro GPUs