A vulnerability exists in Microsoft Excel which can be exploited to run a code of attacker’s choice on user’s PC. Sufficient data validation is not performed when parsing “Named Range” definitions in the document file, which makes it possible to produce a negative 32-bit value that is later used as a length parameter for the msvcrt.memmove() function. As a result, a large chunk of memory is copied overwriting critical memory ranges, including the stack space. All tests were performed using Microsoft Excel 2003 (11.6560.6568) on Windows XP and Windows 2000 Pro platforms. It is likely that all MS Excel products are vulnerable.
You can download this advisory from the following link: https://packetstormsecurity.com/files/download/44667/20060314-1.txt
Source: https://packetstormsecurity.com/files/44667/HexView-Security-Advisory-2006-03-14.1.html