"Microsoft released its March 2008 security bulletin, which includes four bulletins, all deemed critical by Microsoft. The most serious of these affects Microsoft Excel, which alone has six specific "Common Vulnerablities and Exposures" vulnerabilities noted, one of which has been exploited in the wild.
The next most serious affects Microsoft Outlook. In that one, a vulnerability in how the software parses "mailto" URIs could lead to remote code execution. A third bulletin affects how various Microsoft Office apps open maliciously crafted files. The final bulletin concerns how Office interfaces with the Web and includes one vulnerability that has been known but unpatched since September 2006. All Microsoft security patches for both Windows and Office software are available via Microsoft Update or via the individual bulletins detailed below." – Content courtesy of Microsoft fixes a dozen Office flaws in four patches; all are critical | Defense in Depth – computer security, hacking, crime, viruses – CNET News.com