Primary

Context

Microsoft Excel Heap-Based Buffer Overflow Vulnerability Allowing Local Code Execution

Vulnerability

Patched

A heap-based buffer overflow vulnerability has been identified in Microsoft Office Excel. This vulnerability allows an unauthorized attacker to execute code locally on the affected system. It is present in several versions of Microsoft Excel, including Microsoft Office LTSC 2024, Microsoft Office LTSC 2021, and Microsoft 365 Apps for Enterprise, both in 32-bit and 64-bit editions.

Impact

Exploitation of this vulnerability could lead to unauthorized local code execution on the affected system.

Remediation

Users can apply the security update available through the Microsoft 365 Apps Security Updates channel to address this vulnerability. Instructions for downloading this update can be found on the Microsoft Office Updates page.

Added: Jun 10, 2025, 7:17 PM

Updated: Jun 10, 2025, 7:17 PM

Vulnerability Rating

Custom Algorithm

spread

8.4

impact

10.0

exploitability

4.4

remediation

7.7

relevance

0.2

threat

0.0

urgency

2.9

incentive

0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

8.4

impact

10.0

exploitability

4.4

remediation

7.7

relevance

0.2

threat

0.0

urgency

2.9

incentive

0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Microsoft Excel Heap-Based Buffer Overflow Vulnerability Allowing Local Code Execution

Vulnerability

Impact

Remediation

Affected Products

Microsoft Office LTSC 2024

Microsoft 365 Apps for Enterprise

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating