In separate alerts sent to subscribers of its DeepSight threat system, Symantec warned that the bugs -- both discovered and disclosed by a Russian researcher with the moniker "sehato" -- could be exploited by attackers to bring down the Office applications.
Microsoft did not immediately respond to an e-mail request for confirmation and comment.
"A remote attacker may exploit this vulnerability by presenting a malicious WMF file to a victim user," said Symantec's report on the Office 2003 flaw. "The issue is triggered when the application is used to insert the malicious file into a document."
Specially crafted WMF (Windows Metafile) image files were the root of a in late 2005 and early 2006 that was launched from hundreds of malicious Web sites and compromised thousands of PCs. This bug seems to be different from the 2005/2006 vulnerability.
The Excel flaw can be leveraged by a malformed spreadsheet file rather than a WMF image, Symantec added.