A new vulnerability has been discovered in Excel, and it is being dubbed a zero-day exploit(the term is almost running a little dry), one among many discovered in the Office suite this past year. While it doesn't affect Excel 2007, it may impact other applications and does affect Office 2000, Office XP and Office 2003. Of course, as with many Office exploits, it does require user intervention - they need to open an infected file.
Safe computing should protect most, but for those who simply must open every random attachment they receive in their Inboxes, a patch is currently not available. You can read the Microsoft security advisory warning at their site