The security hole exists because Excel fails to properly check user-supplied input before copying it to an insufficiently sized memory buffer, Symantec said. Excel 2003 and Excel XP are vulnerable, and other versions may also be affected, Symantec said.
Considering the millions that use Excel, the potential for widespread infection exists, though likely most users will not have to worry about it. As long as standard security practices and threat detection systems in most businesses are in place, and people aren't careless about downloading files, the risk of propagation goes down to almost nil. Still, it can't be an easy week for Microsoft.