VUPEN Vulnerability Research Team discovered a critical vulnerability affecting Microsoft Office Excel. The vulnerability is caused by a buffer overflow error when processing malformed HFPicture (recType 0x866) records, which could be exploited by attackers to execute arbitrary code by tricking a user into opening a specially crafted Excel document.
You can download this advisory from the following link: https://packetstormsecurity.com/files/download/90524/msexcelhfpicture-overflow.txt
Source: https://packetstormsecurity.com/files/90524/Microsoft-Office-Excel-HFPicture-Buffer-Overflow.html