VUPEN Vulnerability Research Team discovered a critical vulnerability affecting Microsoft Office Excel. The vulnerability is caused by a buffer overflow error when processing malformed ExternName (recType 0x23) records, which could be exploited by attackers to execute arbitrary code by tricking a user into opening a specially crafted Excel document.
You can download this advisory from the following link: https://packetstormsecurity.com/files/download/90523/msexcelen-overflow.txt
Source: https://packetstormsecurity.com/files/90523/Microsoft-Office-Excel-ExternName-Buffer-Overflow.html