Primary

Context

Microsoft Excel Heap-Based Buffer Overflow Vulnerability Allowing Local Code Execution

Vulnerability

Patched

A heap-based buffer overflow vulnerability has been identified in Microsoft Office Excel. This vulnerability allows an unauthorized attacker to execute code locally. It affects multiple versions of Excel, including the 2016, 2019, and Office LTSC 2021 and 2024 editions, as well as Excel for Mac. The vulnerability arises from improper memory handling, which can be exploited to overwrite memory and execute arbitrary code.

Impact

Exploitation of this vulnerability could lead to remote code execution on the affected system.

Remediation

Users can apply the security update provided by Microsoft to address this vulnerability. Instructions for downloading the update are available on the Microsoft Update Catalog and through the Microsoft 365 Apps Security Updates page.

Added: Sep 1, 2025, 7:22 PM

Updated: Sep 1, 2025, 7:22 PM

Vulnerability Rating

Custom Algorithm

spread

8.4

impact

7.5

exploitability

4.4

remediation

7.7

relevance

0.0

threat

0.0

urgency

2.9

incentive

0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

8.4

impact

7.5

exploitability

4.4

remediation

7.7

relevance

0.0

threat

0.0

urgency

2.9

incentive

0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Microsoft Excel Heap-Based Buffer Overflow Vulnerability Allowing Local Code Execution

Vulnerability

Impact

Remediation

Affected Products

Microsoft Excel 2016

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating