writing bugs?
http://www.hexview.com/msva.html
found this when looking at the latest high rated vulnerability, seems MS office is a big security hole, buffer / stack overflow errors allowing for remote execution of arbitrary code.
and the excell spreadsheet / office document can be served from a website to trigger the exploit.
MS’ own security bulliten about it:
http://www.microsoft.com/technet/security/Bulletin/MS06-012.mspx