SehaTo (sehato at yandex ru) reported few vulnerabilities in different Windows applications. Original messages (in Russian) may be found at http://securityvulns.com/source16446.html
Windows explorer (explorer.exe) crashes on browsing folder with corrupted WMF files.
SecurityVulns note: from the very fast debugging results analysis on Windows XP SP2, there is potential code execution possibility (memory corruption), because attacker-controllable data is used to contruct both read and write memory addresses. Deeper research of exploitation possibility was not performed.
IfranView crashes on attempt to view malformed WMF, Microsoft Office crashes on attempt to insert corrupted WMF file.
SecurityVulns note: because of relatively low impact, SecurityVulns did no research on this vulnerability.
2 different crashes in Microsoft Excel on parsing .XLS files (corrupted XML and corrupted XLS formats).
SecurityVulns note: vulnerabilities confirmed on Microsoft Excel 2003. Both vulnerabilities are of NULL-pointer dereference type. Code execution is probably impossible.
-- /3APA3A http://securityvulns.com/