Microsoft Excel Type Confusion Vulnerability Leading to Remote Code Execution

Vulnerability

A type confusion vulnerability has been identified in Microsoft Office Excel, allowing an unauthorized attacker to execute code locally. The issue arises when a resource is accessed using an incompatible type, which lets an attacker manipulate the execution flow and run arbitrary code.

Impact

Exploitation of this vulnerability could result in remote code execution.

Remediation

Security updates for this vulnerability are available for Microsoft Office LTSC for Mac 2021, Microsoft Office LTSC for Mac 2024, Microsoft Excel 2016 (32-bit and 64-bit editions), Microsoft Office LTSC 2024 for 32-bit and 64-bit editions, Microsoft Office LTSC 2021 for 32-bit and 64-bit editions, Microsoft 365 Apps for Enterprise for 32-bit and 64-bit systems, Microsoft Office 2019 for 32-bit and 64-bit editions, and Office Online Server. Instructions for downloading these updates can be found in the Microsoft Update Catalog or through the Microsoft 365 Apps Security Updates page.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 8.4
impact: 10.0
exploitability: 4.4
remediation: 7.7
relevance: 0.0
threat: 0.0
urgency: 2.9
incentive: 0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.