Microsoft Excel files might contain a malicious macros. A remote attacker could send spam e-mails including those macros, and use social engineering in order to convince users to manually enable them. This would allow the malicious code to run and infect the target system.