Symantec and ZDNet report a new Excel 0-day

ZDNet reported yesterday that Symantec has discovered a remote code-execution vulnerability in Excel 2007 and Excel 2007 SP1. It looks like it is being actively exploited in the wild by a variant of the Mdropper trojan. Attackers can exploit this issue by tricking victims into opening a maliciously crafted Excel file.

The only defense at this point is not to open Excel files unless you trust the source.