Microsoft Excel Stack-Based Buffer Overflow Vulnerability Allowing Local Code Execution

A stack-based buffer overflow vulnerability has been identified in Microsoft Office Excel. This vulnerability allows an unauthorized attacker to execute code locally. It affects multiple versions of Excel, including the 2016 32-bit and 64-bit editions, Office LTSC for Mac 2024, Office LTSC 2024 for both 32-bit and 64-bit editions, Office LTSC 2021 for 32-bit and 64-bit editions, and Office 2019 for 32-bit and 64-bit editions. The vulnerability also impacts Microsoft 365 Apps for Enterprise for both 32-bit and 64-bit systems, as well as Office Online Server.

Impact

Exploitation of this vulnerability could lead to remote code execution.

Remediation

Users can apply the security update available through the Microsoft Update Catalog. For Microsoft 365 Apps for Enterprise, the security update can be downloaded via the Click to Run channel. Instructions for updating Office LTSC for Mac 2021 and 2024 are also available.