Posted to microsoft.public.excel, microsoft.public.excel.misc,microsoft.public.excel.worksheet.functions
Harlan Grove
FYI - Microsoft Acknowledges XL Flaw

Bob I wrote...
> Stan Brown wrote:
>> ....
>> And which formats are those? The article doesn't say, and neither
>> do the articles that it links to.
>
> Information about certain file types that are blocked after you
> install Office 2003 Service Pack 3
> http://support.microsoft.com/kb/938810/en-us


Not necessarily the same thing. SP3 mostly blocks file types for older
competitors' products (Lotus 123 and Quattro Pro). It also
blocks .DIF, .SLK and .XLC, and only the latter two could be called
Excel file types. SP3 doesn't block any .XLS file types.

This latest security advisory doesn't mention whether the danger (in
Excel's own code) arises from loading files in these less used formats
or from .XLS files. However, since Microsoft's recommended fix (and a
very self-serving fix it is!) is to convert files to the new OOXML
file formats, and since one of their recommended means to do so
involves using a new product called MOICE, details for which may be
found in http://support.microsoft.com/kb/935865, and MOICE doesn't
even handle the file types blocked by SP3 - quoted from the linked KB
article,

MOICE currently supports the following document formats:
* .doc
* .ppt
* .pot
* .pps
* .xls
* .xlt
* .xla

That sure makes it appear that the new vulnerability is in Excel's own
file types, so SP3 would seem to be irrelevant to this new issue
except insofar as Microsoft being happy enough to block file types
that coincidentally happen to be the same ones they no longer support
in Excel 2007. Then again, maybe the new vulnerability is in the file
types blocked by SP3, but Microsoft is using this as just another way
to push users into using OOXML file formats and spurring faster
upgrading to Office 2007. The only thing that's clear is that the lack of
full disclosure is classic Microsoft.

Tangential: odd that .dot files aren't included.