There are multiple remote code execution vulnerabilities in the Excel. An attacker could exploit the vulnerability by opening a specially crafted file which could be hosted on a Web site, or included as an e-mail attachment. The risk is MEDIUM. Depending on the attack scenario, the vulnerability could lead to remote code execution ona user's local Excel client, or it could lead to elevation of privilage within a SharePoint Server.
More...