Secunia has published an advisory regarding flaws in gnumerinc's XLS parser:
Quoting the advisory:
The vulnerability is caused due to integer overflows and signedness errors
when processing XLS HLINK opcodes within the "excel_read_HLINK()" function
in plugins/excel/ms-excel-read.c. This can be exploited to corrupt the stack
via a specially crafted XLS file.
Successful exploitation allows execution of arbitrary code.
The vulnerability is confirmed in version 1.6.3. Versions prior to 1.8.1 may
also be affected.
Described issue should be fixed in upstream version 1.8.1.
Patch as committed to upstream SVN:
gnumeric-1.6.3-14.fc8 has been submitted as an update for Fedora 8
gnumeric-1.6.3-14.fc7 has been submitted as an update for Fedora 7
gnumeric-1.6.3-14.fc7 has been pushed to the Fedora 7 stable repository. If problems still persist, please make note of it in this bug report.
gnumeric-1.6.3-14.fc8 has been pushed to the Fedora 8 stable repository. If problems still persist, please make note of it in this bug report.
This was addressed in: