My latest research, on exploiting spreadsheet-export functionality to attack users via malicious formulae, is over at: http://contextis.co.uk/blog/comma-separated-vulnerabilities/ Please note I no longer work at Context.