Zero Day Initiative Advisory 09-040 – This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Office Excel. Exploitation requires user interaction in that a victim must open a malicious XLS file. The specific flaw exists within the parsing of the BIFF file format used by Microsoft Excel. When Excel 2007 encounters a malformed Qsir record (0x806) user data is improperly handled leading to potential code execution. Successful exploitation of this can lead to a remote compromise of the affected system running under the credentials of the currently logged in user.
You can download this advisory from the following link: https://packetstormsecurity.com/files/download/78244/ZDI-09-040.txt
Source: https://packetstormsecurity.com/files/78244/Zero-Day-Initiative-Advisory-09-040.html