Microsoft posted a security bulletin addressing the currently
unpatched Excel vulnerability, which was used in a targeted attack.
This vulnerability, which affects Excel 2000, 2003 and 2004 (for
Mac), can allow remote code execution, although its detailed
implementation may differ from one Excel version to another. An
attacker can exploit this vulnerability by sending a maliciously
crafted Excel file to an unsuspecting user. Security is compromised
when the user opens the Excel file.
As of the moment, it is advisable for users not to open Excel
files coming from a suspicious or unknown source. Several
workarounds to counter this vulnerability have been provided in
this security advisory from Microsoft.
More information about this vulnerability can be found here.