Microsoft is warning of a new online threat that targets an unpatched flaw in the Excel spreadsheet application. The vulnerability is exploited when Excel enters the so-called repair mode.

The flaw is actively being exploited by attackers to take control of a system. The vulnerability affects Microsoft Excel 2003, Excel Viewer 2003, Excel 2002, Excel 2000, Microsoft Excel 2004 for Mac, and Microsoft Excel v. X for Mac.

Attackers will have to persuade users to open an email attachment or download and open a specially crafted file from the web.

Microsoft is developing a patch and most antivirus vendors have created an antidote for the virus.

The Microsoft Excel security advisory said that users should not open Excel files from untrusted sources.

Users should also prevent infection by instructing the email server to block all incoming Excel file types or block the ability inside Outlook to open the documents with the Excel applications.

Users of Excel 2003 should also prevent the application from entering into a repair mode by changing the application's settings.