Microsoft Excel 2000, 2002, 2003, 2004 for Mac and Excel X for Mac contain a vulnerability that could allow a remote attacker to execute arbitrary code on an affected system.
The vulnerability exists due to insufficient bounds checking of user-supplied data within Excel files. A remote attacker could exploit this vulnerability by convincing a user to open a crafted Excel file containing a malformed graphic. This could result in a buffer overflow condition, allowing an attacker to execute arbitrary code with permissions of the user opening the document.
Microsoft has acknowledged this vulnerability in security bulletin MS06-012 and has released patches that correct it.