If you haven’t already seen this, take a look. A brief quote:
Microsoft Security Advisory (947563)
Vulnerability in Microsoft Excel Could Allow Remote Code Execution
Published: January 15, 2008
Microsoft is investigating new public reports of a vulnerability in Microsoft Office Excel 2003 Service Pack 2, Microsoft Office Excel Viewer 2003, Microsoft Office Excel 2002, Microsoft Office Excel 2000, and Microsoft Excel 2004 for Mac. At this time, our initial investigation indicates that customers who are using Microsoft Office Excel 2007 or Microsoft Excel 2008 for Mac, or who have installed Microsoft Office Excel 2003 Service Pack 3 are not affected by this vulnerability.
Some of the people telling you in no uncertain terms to avoid SP3 are ignoring the fact that SP3 protects you from a lot of attacks. We did a _lot_ of work fuzzing our apps and fixing bugs. While I’ll never claim that SP3 is unbreakable, it’s a lot more robust than Office 2003 was previously, and this probably won’t be the last time we see an advisory over something that affects SP2 but not SP3.