Microsoft Excel 2002 SP3 and 2003 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac do not properly parse Office Art objects, which allows remote attackers to execute arbitrary code via vectors related to a function pointer, aka "Excel Dangling Pointer Vulnerability."
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12018
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-021
http://zerodayinitiative.com/advisories/ZDI-11-040/
http://www.vupen.com/english/advisories/2011/0940
http://www.us-cert.gov/cas/techalerts/TA11-102A.html
http://www.securitytracker.com/id?1025337
http://secunia.com/advisories/43210
http://secunia.com/advisories/39122
http://dvlabs.tippingpoint.com/blog/2011/02/07/zdi-disclosure-microsoft