Microsoft has discovered a security flaw in Excel 2000 that is similar to one found in the previous version of the spreadsheet software, the company said last week.
While working to plug a flaw in Excel 97 called the ODBC Driver Vulnerability, Microsoft officials found another ODBC database driver bug in Excel 2000. The company had originally said that Office 2000 was not affected by the problem.
According to the software giant, the new flaw is related to the IISAM component of the ODBC database driver, and could be exploited using an Excel 2000 query to perform malicious acts. Office users may become vulnerable by opening an infected spreadsheet attached to either an e-mail or Web site link, Microsoft said.
A Microsoft representative said fixes for all of the Excel security bugs were finished, and would be posted Friday for free download by users at officeupdate.microsoft.com. The company also will notify Office users via e-mail.