Double free vulnerability in OfficeImport in Apple iOS before 5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted Excel spreadsheet.
http://lists.apple.com/archives/Security-announce/2011//Oct/msg00001.html