VUPEN Vulnerability Research Team discovered a critical vulnerability affecting Microsoft Office Excel. The vulnerability is caused by a buffer overflow error when processing malformed HFPicture (recType 0x866) records, which could be exploited by attackers to execute arbitrary code by tricking a user into opening a specially crafted Excel document.
c42e282c333ee7179a1abb732fa303b2cd18cbd6de3e31d6152da91b3a5c206b